Right away: IT security is not just information security – although often both terms are used in the same way (especially if not exactly translated from English into another language), there is a subtle difference which will help you to define the term.
In principle, this difference is the “T” in the name – because IT security stands for “Information Technology Security”. But that sounds rather bulky – that’s why we prefer to stick with “IT security”.
Information security vs. IT security
The term information security means protective measures for ALL systems that process or store information in any way. It does not matter whether these are digital or “analogue”. So the computer is meant as well as a stack of handwritten, confidential documents.
IT security is a subarea of information security. In fact, only the protective measures of so-called “socio-technical” systems are meant here. Socio-technical systems are nothing more than systems in which humans use information technology to store and process data.
Incidentally, according to the dictionary, information technology is defined as “technology for the collection, transmission, processing and storage of information by computers and telecommunications equipment”.
So far so good. However, since there are now very few situations in which no IT is used at all, IT security covers a very large part of information security.
An example of an IT-less application of information security might be the hand-written secret recipe in the safe of your favourite restaurant. But that is not what this unit is about.
IT security also contains further sub-concepts that are worth an initial overview, especially how they are connected:
- Computer security: This refers specifically to the security measures of local and networked computer systems themselves. How safe is a computer from unauthorized access or manipulation? What happens if a computer “crashes”?
- Data protection: The term is a real buzzword – quite rightly, because “data protection is personal protection”. This aspect is the most important one for the private person, because it is about the protection of one’s own personal data from misuse. Privacy and anonymity are a sensitive issue in a digitalised world.
- Data security: This is again of a more technical nature. It is not so much a question of legal issues as simply of how to protect data from manipulation or loss. Data security can be understood as the technical preliminary stage for successful data protection.
- Data backup: This is specifically about (multiple) backups of data – you are most likely familiar with the term “backup”. Data backup is nothing more than that: the correct duplication of data to prevent its loss.
The following diagram makes the context of all the terms learnt clearer:
IT security makes up a large part of information security and consists mainly of computer security and data security. Data security is the basis for successful data protection and data backup.
Data and information
Now that you have read the terms “data” and “information” so often, you will surely want to know the difference:
By the way, this is also the basic idea behind encryption, no matter whether it is done on the computer or by hand. You leave data without context, maybe even mix it up. Only someone who also understands the context can understand the meaning of the sequence of numbers.
For whom is the implementation of IT security now important?
Actually, for everyone with a computer – whether as an individual or in an organisation. Nevertheless, it helps to classify the implementation areas of IT security a little more precisely, also in order to be able to later assign the threats and corresponding measures to the correct area of application.
The main distinction is whether devices and data are used privately or within an organization.
Private sector: This concerns individuals and devices that are used privately. This includes your own laptop or smartphone, for example. Whether you use it publicly, for example in the WLAN of a university, is of secondary importance – the important thing is that you use the device to manage your private data.
Companies and organizations: These are devices that can be used to access the data of companies or organisations – for example, company laptops or company telephones. This refers to both commercial enterprises and state companies and organizations; it is about shared data that belongs to an organization.
What exactly are the differences between these two areas of application?
- Private area
Almost all software contains programming errors of some kind. This can be due to inaccuracy, but also simply due to ignorance – because nobody can know through which “backdoor” or through which special feature in the software code unwanted access can be gained.
This is particularly problematic because most devices are constantly connected to the Internet. These include the private computer, the smartphone, the smartwatch, but also the television or the voice assistant. In most cases, the “break-in” or unauthorized access to personal data is then carried out via the Internet. Data theft can also take place physically, e.g. by breaking in and stealing the computer.
It should be noted that it can happen quickly: passwords for online banking are stolen, important documents are lost, or private photos become public.
IT security is an important topic in the private sector – yet the applied means of IT security are less pronounced in this area – be it due to a lack of awareness on the part of the persons using the system or also due to fewer technical possibilities.
- Companies and organisations
When it comes to IT security in companies, the main focus is of course on economic interests. Although the technical implementation of IT security is usually better than in the private sector, the criminal energy behind possible IT attacks is much higher.
Think of banks and insurance companies that manage a lot of money, or high-tech companies that want to protect their prototypes and ideas from the competition.
Here too, IT systems are now connected via the Internet. An example of this would be the use of a cloud service from several company locations: a cloud server provides storage space for documents that can be read and edited over the Internet from all locations. Here, it must above all be ensured that only authorized persons can access these documents.
Large companies now have their own departments that only deal with IT security and invest a lot of money to stay up-to-date. Because here, too, the following applies: HOW an IT attack will happen is not known beforehand – so the main thing is to be able to react quickly IF an attack occurs.
By the way, there are standardised documents for IT security, so-called basic protection catalogues, which present detailed IT security models. However, IT is developing so fast that following these catalogues alone is not enough and some of them quickly become outdated.
IT security is a subarea of information security and means all protective measures in the processing and storage of data with the help of information technology systems. This includes computers as well as all other means of telecommunication in private and business environments. IT security can also be defined in sub-areas that are linked together:
The areas of application of IT security can be assigned to the private as well as the corporate and public sector. Since most devices are connected to the Internet, the dangers of IT attacks and the measures for IT security are quite similar in all areas – differences can be found in personal awareness and technological factors.