IT Security or Cyber Security?
In general, information security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability.
Confidentiality – means information is not disclosed to unauthorized individuals, entities, or processes.
Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way.
Availability – means information must be available when needed.
Often people use the terms IT security, information security, and cybersecurity interchangeably. Many also divide IT security into physical security, information security, and cybersecurity; all of these can be seen as subsets of overall IT security.
The security categories can be defined as:
1. Physical Security: Physical security measures are designed to protect personnel (people) as well as infrastructure (such as hardware, software, networks, and data) from physical actions and events that could cause serious loss or damage to an enterprise.
It not only focuses on securing the server room, wiring closet, building, and building perimeter but also includes securing physical assets from natural disasters, flood, fire, terrorism, theft, vandalism, etc. While all physical locations are different, certain best practices are common to many different types of security plans. These involve many interdependent systems such as CCTV, surveillance cameras, locks, protective barriers, security guards, proper lighting of parking lots and buildings, access controls, etc.
2. Information Security: Information security measures are designed to protect raw and unprocessed data as well as information derived from those data.
This category focuses more on electronic data and information than on actual/physical equipment, but it also includes physical data such as papers, documents, etc. Best practices here focus on data monitoring techniques, data backup policies, and procedures that also include monitoring data at rest (e.g. offsite backups).
3. Cybersecurity: Cybersecurity is about securing things that are vulnerable through information and communications technologies. It protects electronic assets such as the Internet and internet-connected systems, including hardware, WAN and LAN resources, etc. Its scope includes information and/or data, both physical and digital, as well as non-information assets, i.e. Internet of Things (IoT) devices such as cars, traffic lights, electronic appliances, etc. Kill chains, zero-day attacks, ransomware, malware, social engineering, phishing, etc. are just a few of the challenges that cybersecurity professionals face.
Whether one uses the term “IT Security” or “Cybersecurity” doesn’t matter much, because both refer to the practice of defending an organization’s networks, computers, and data from unauthorized access, attack, or damage by implementing various processes, technologies, and practices.
In their most basic forms, all refer to the same thing: the confidentiality, integrity, and availability of information.
The content of this post is the opinion of the author and does not reflect the views of TAJ Technologies, Inc.
Content contributed by Ash Dhandhusaria, Infrastructure Manager and Edited by Sonia Sukumar