Information security is a state of technical or non-technical systems for information processing and storage that is intended to ensure the protection goals of confidentiality, availability and integrity. Information security serves to protect against dangers or threats, to avoid economic damage and to minimize risks.
In practice, information security in the context of IT security management is based on the international, among other things. In many countries, an approach based on IT baseline protection is widespread. In the field of evaluation and certification of IT products and systems, the ISO/IEC 15408 standard (Common Criteria) is often used. Many of the following terms are interpreted differently depending on the author and environment.
The abbreviation IT stands for information technology. The technical processing and transmission of information is at the forefront of IT.
---
The property of functional safety refers to the fact that a system behaves in accordance with the expected functionality and can also include further risk-reducing measures. These measures are then referred to as functional safety. Information security refers to the protection of the technical processing of information and is a property of a functionally reliable system. It is intended to prevent unauthorized data manipulation or the disclosure of information.
The term information security often refers to global information security, in which the number of possible malicious scenarios is reduced overall or the effort required to compromise the operator is disproportionate to the expected information gain. From this point of view, information security is an economic factor that must be reckoned with, for example, in companies and organizations. In addition, the term also refers to security under a certain scenario. In this sense, information security exists when it is no longer possible to attack the system via an already known path. It is called a binary quantity because the information can be either secure or not secure when using this particular method.

The following aspects are included in the comprehensive term information security (protection of processed information):
IT security
IT security refers to strategies and measures to ensure the availability of IT systems and to prevent unauthorized access and unauthorized modification of information. IT security thus means sealing off IT systems against external attacks and protecting against imminent dangers from within.
IT security plays a key role in the security of socio-technical systems. IT or ICT systems are part of the socio-technical systems. One of the tasks of IT security is the protection of ICT systems of organizations (e.g. companies) against threats. Among other things, this is intended to prevent economic damage.
IT security is a part of information security. In contrast to IT security, information security includes not only the security of IT systems and the data stored therein, but also the security of information that is not processed electronically. For example, the “principles of information security” can also be applied to a restaurant’s hand-written recipes, since the confidentiality, integrity and availability of the recipes can be extremely important for the restaurant, even if that restaurant is operated completely without the use of any IT system.
Computer security
Computer security is the security of a computer system against failure (referred to as unplanned or planned downtime) and manipulation (data security) as well as against unauthorized access.
Data security
Data security is a term that is often associated with data protection and must be distinguished from it: data security has the technical goal of securing data of any kind to a sufficient extent against loss, manipulation and other threats. Adequate data security is a prerequisite for effective data protection.
There is an approach called data-centric security, which focuses on the security of the data itself, rather than the security of networks, servers, or applications.
Data backup
Data backup was the original legal term for data security.
Privacy
Data protection is not about protecting general data from damage, but about protecting personal data from misuse. The protection of personal data is based on the principle of informational self-determination.
Privacy must be protected, i.e. personal data and anonymity must be preserved. In addition to data security, data protection requires that unauthorized third parties be prevented from accessing and reading the data.
Only if appropriate protective measures are taken can it be assumed that confidential or personal data will not fall into the hands of unauthorized persons. As a rule, this refers to technical and organizational measures for data protection, which are described in particular in Art.