The Complete Beginner’s Definitions to IT Security, Information Security and Data Protection

Companies hold a multitude of valuable, sometimes even confidential, data that must not get into the wrong hands:
HR data, pay slips, design data, supplier lists and the list goes on.
Ensuring their confidentiality, integrity and security is the subject of information security.

Information Security

Information Security aims to ensure the general confidentiality, security and integrity of all types of data.
Correspondingly labeled data must not be passed on to unauthorised personnel and must be protected against all losses and manipulation.

One goal of information security is to minimize economic damage and risks associated with data processing.

Think of a typical use case online:
During a web shop order, customer data is transmitted electronically, supplier orders are automatically triggered and payments are processed with the involvement of external service providers.

These processes place high demands on the protection of the exchanged information against loss or manipulation during its creation, processing and storage.
IT security focuses on ensuring those high demands are met.

IT Security

IT Security aims at the secure creation, processing and storage of electronic data.
Information security and IT security are closely interwoven.

If, for example, confidential information such as credit card statements, account statements or telephone lists is improperly disposed of in the trash, it can be intercepted by potential attackers and used for their own goals.
IT security systems cannot intervene when information is obtained in this way, so the resulting cyber attacks can hardly be prevented.

Data Security

Data Security aims at the protection of data from loss in everyday business life.
However, data security is not synonymous with data protection.

While the type and scope of data security are largely left to the company itself, operational data protection has been regulated by the European General Data Protection Regulation (EU GDPR) since May 25, 2018.
This replaced the previously valid Federal Data Protection Act (BDSG) in Germany.

Privacy

Privacy relates to the protection of personal data.

In some cases, the European General Data Protection Regulation (EU GDPR) even prescribes the appointment of a data protection officer for a company:

  • If at least 20 people in the company are constantly involved in the automated processing of personal data
  • If data processing is the company’s main line of business
  • If extensive, regular and systematic observation of people is required due to the purpose and scope of the business activity

Data protection is regulated within the EU GDPR.

Depending on the size of the company and the object of its data processing, the appointment of a data protection officer may be required by law.

Many cyber attacks can be traced back to negligence in information security and can hardly be prevented with pure IT security measures.

Once a cyberattack occurs, the top priority is to restore manipulated or deleted data and quickly resume operations. Regular data backups with a backup program and the mirroring of the data stocks make this easier.

My passion is software products and technologies that help companies pursue their goals and offer customers a user-friendly experience.

David Minkovski