Data, Information and System Security
Information and Communication Technologies are being increasingly used in almost all social and economic areas. This has led to extensive changes during the last decades, e.g. in terms of optimising production processes or establishing new distribution models. The thereby created diverse and more flexible configuration possibilities are paralleled by a loss of control and security. That is why numerous security solutions have been developed to support this sector. The aim of IT-security is to protect organisations and humans from harm through failure, manipulations or abuse, which notably occurs in case of information- and data loss.
 |
|---|
|
Image by |
In a nutshell, IT-security is about safe interaction with information and data. Risks and threats for IT systems always rise at the level of information or at transition points and interfaces where information is transformed from one form into another. An example is user authentication by password entry. A professional IT-security management must ensure protection of IT systems and information during their whole lifecycle, from data creation to editing, transfer, and storage, and finally to deletion.
The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) in Germany lists five different threat categories in their baseline security manual. In general all ofthese threats can be attributed to a missing or inadequate IT-security concept. This comprises in particular IT-infrastructure security (e.g. server, network, computer, and mobile devices), building security, data security, computer virus protection, communication security (e.g. telephone, fax, e-mail, and internet), and contingency plans.
To minimise the risks, IT-security requires a comprehensive analysis of the organisation’s IT-structures and IT-systems. In addition to the exact definition of the devices and resources to be included (e.g. IT-systems, IT-infrastructure, processes) risk analysis is a key feature in order to establish the IT-security concept as substantial part of a risk management process. Such an IT-security concept must describe responses to potential risks and has to meet other requirements, in particular performance targets and quality or architecture requirements.
Document Actions
