IT Security or Cyber Security?
In general Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability.
Confidentiality – means information is not disclosed to unauthorized individuals, entities and process.
Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way.
Availability – means information must be available when needed.
Often people use the terms IT security, information security and cyber security interchangeably. Also many will categorize IT security under physical security, information security and cybersecurity, one can also tell all these could be a subset of overall IT Security.
Security categories thoughts can be defined as:
1. Physical Security: Physical security measures are designed to protect personnel (people) as well as infrastructure (such as hardware, software, networks and data etc.) from physical actions and events that could cause serious loss or damage to an enterprise.
It not only focuses on securing server room, wiring closet, building and building perimeter but also includes securing physical assets from natural disasters, flood, fire, terrorism, theft, vandalism etc. While all Physical locations are different, certain best practices are common in many different types of security plans, which involves many interdependent systems such as CCTV, surveillance cameras, locks, protective barriers, security guards, proper lighting up of parking lots & buildings, access controls etc.
2. Information Security: Information security measures are designed to protect raw and unprocessed data as well as information derived from those data.
This category more focuses on electronic data and information and not on actual / physical equipment but includes physical data such as papers, documents etc. Best practices here focuses on data monitoring techniques, data backup policies and procedures also includes monitoring data at rest (e.g. offsite backups).
3. Cybersecurity: Cybersecurity is about securing things that are vulnerable through information and communications technologies. It is protecting electronic assets such as the Internet, internet-connected systems, including hardware WAN and LAN resources etc. Also securing things that are vulnerable through information and communications technologies, it includes information and/or data, both physical and digital, as well as non-information i.e. Information of Things (IoT) such as cars, traffic lights, electronic appliances, etc. Kill chains, zero-day attacks, ransomware, Malware, Social engineering, Phishing alert, etc. are just a few of the challenges that cybersecurity professionals face.
Irrespective of one uses terms “IT Security” or “Cybersecurity” as any of them doesn’t matter much because it is the practice of defending an organization’s networks, computers, and data from unauthorized access, attack, or damage by implementing various processes, technologies and practices.
In their most basic forms, all refer to the same thing: confidentiality, integrity, and availability of information.
The content of this post is the opinion of the author and does not reflect the views of TAJ Technologies, Inc.
Content contributed by Ash Dhandhusaria, Infrastructure Manager and Edited by Sonia Sukumar
With summer comes many warm-weather distractions, but this shouldn't keep you from peak productivity. However, with a few simple tweaks to the start and end of your workday, you can enjoy both professional productivity and summer fun.Read More