IT security means guaranteeing the confidentiality, integrity and availability of IT systems. The term covers all technological measures for preventing potential risks in the use of IT. The role of IT security is to protect data and results against persons or organisations that abuse access or steal them (e.g. hackers, cybercrime, fraud).
Three protection goals of IT security
The three essential (partial) protection goals of IT security are confidentiality, integrity and availability. IT security cannot be measured directly as such; rather, its strength is determined by the degree to which these three goals are fulfilled:
Confidentiality: Data, information or resources are secured against unauthorised access. Confidentiality is achieved when the protected data can only be accessed by entitled persons.
Integrity: The integrity of data, information and resources is ensured. Integrity is achieved when protected data cannot be changed without authorisation.
Availability: Using an IT system is possible for every authorised user. Availability is achieved when authorised users can make use of their privileges without disturbance.
Safety measures in IT Security
The safety measures for establishing and maintaining IT security can be divided into technical and organisational measures. They can further be divided into preventive, detective and reactive measures.
Examples of organisational measures are employee training (prevention), regulations for logfile analysis (detection) and security incident response processes (reaction).
Examples of technical measures are firewalls (prevention), intrusion detection systems (detection) and automatic reconfiguration (reaction).
See also: Common Criteria, Data Protection, Data Security