What is IT-Security?
IT security is responsible for protecting an organization’s assets, such as information, computers and software. IT security is one part of the organization's total security and must deal with protection against threats and dangers to the organization and its operations. The threats can be, for example, disasters, foreign powers or individuals who can harm the organization.
An important part of IT security work involves understanding different threat scenarios, managing the probability of being exposed to harm, and balancing the cost of protective countermeasures against the value of what is being protected.
Information security, cyber security and GDPR all have the same purpose, but with slightly different focuses. They are all about avoiding risks in the digital world.
Information security means preserving the confidentiality, accuracy and availability of information.
Information security includes both administrative and technical measures.
Examples of administrative measures are regulations and procedures for authorization.
Examples of technical measures are password login, firewalls and physical controls.
Definition of Information Security:
- Confidentiality: that only authorized persons, entities or processes may access the information.
- Correctness: that the information can be trusted to be correct and not manipulated or destroyed.
- Availability: that the information is always available when it is needed.
Cyber security involves all activities necessary to protect network and information systems, users of these systems and other affected persons against cyber threats.
Cyber security thus means protecting systems, networks and programs against cyber threats; in the end, it is people who must be protected. The aim is that an organization or individual should not be prevented from carrying out their tasks.
Cyber attacks are aimed at accessing, changing or destroying sensitive information.
A cyber attack is thus a shot at the heart of the business model, and cyber security is the bulletproof vest.
When it comes to security in the GDPR (General Data Protection Regulation), it is the rights and freedoms of natural persons that must be protected and thus personal data incidents that must be avoided. A personal data incident can be described as a cyber attack against your personal data. This is how a personal data incident is defined in the GDPR:
A personal data incident is a security incident that leads to the accidental or unlawful destruction, loss or alteration or to the unauthorized disclosure of or unauthorized access to the personal data transferred, stored or otherwise processed.