IT Security means guaranteeing the confidentiality, integrity and availability of IT systems. The term IT Security covers all technological measures for preventing potential risks to IT usage. The aim of IT Security is to protect data; it stems from the need to prevent persons or organizations from gaining unauthorized access and stealing data (e.g. hackers, cybercrime, fraud).
Three protection goals of IT security
The three essential (partial) protection goals of IT security are confidentiality, integrity and availability. The effectiveness of IT security isn't captured in a single measurement; rather, its strength can be measured by the extent to which these three goals are achieved:
Confidentiality: Data, information or resources are secured against unauthorized access. Confidentiality is achieved when protected data can only be accessed by authorized persons.
Integrity: The integrity of data, information and resources is ensured. Integrity is achieved when protected data cannot be altered without authorization.
Availability: Using an IT system is possible for every authorized user. Availability is achieved when authorized users can make use of their entitlements without disturbance.
Safety measures in IT Security
Safety measures for establishing and maintaining IT security can be divided into technical and organizational measures. They can be further subdivided into preventive, detective and reactive measures.
Examples of organizational measures are employee training (prevention), regulations for logfile analysis (detection) and security incident response processes (reaction).
Examples of technical measures are firewalls (prevention), intrusion detection systems (detection) and automatic reconfiguration (reaction).
See also: Common Criteria, Data Protection, Data Security