Definition

security

Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats. This defense includes detection, prevention and response to threats through the use of security policies, software tools and IT services.

Security is critical for enterprises and organizations of all sizes and in all industries. Weak security can result in compromised systems or data, either by a malicious threat actor or an unintentional internal threat. Not meeting security standards that are regulated by a separate organization or law, such as PCI DSS 3.0 or HIPAA compliance, can also result in financial penalties.

Physical security

Physical security is the protection of personnel, hardware, software, networks and data from physical actions, intrusions and other events that could damage an organization. This includes natural disasters, fire, theft and terrorism, among others. Physical security for enterprises often includes employee access control to the office buildings as well as specific locations, such as data centers. An example of a common physical security threat is an attacker gaining entry to an organization and using a USB storage drive to either copy and remove sensitive data or physically deliver malware directly to systems. Threats to physical security may require less technical savvy on the part of the attacker, but physical security is just as important as information security.

Information security

Information security, also called infosec, encompasses a broad set of strategies for managing the process, tools and policies that aim to prevent, detect and respond to threats to both digital and nondigital information assets. Infosec includes several specialized categories, including:

Application security - the protection of applications from threats that seek to manipulate the application and access, steal, modify or delete its data. These protections use software, hardware and policies, and are sometimes called countermeasures. Common countermeasures include application firewalls, encryption programs, patch management and biometric authentication systems.

Cloud security - the set of policies and technologies designed to protect data and infrastructure involved in a cloud computing environment. The top concerns that cloud security looks to address are identity and access management, and data privacy.

Endpoint security - the part of network security that requires network devices (nodes) to meet certain security standards before they can connect to a secure network. Node devices include PCs, laptops, smartphones and tablets. Endpoint security also extends to equipment like point-of-sale (POS) terminals, bar code readers and IoT devices.

Internet security - the protection of software applications, web browsers and virtual private networks (VPNs) that use the internet. Using techniques such as encryption, internet security aims to defend the transfer of data from attacks like malware and phishing as well as denial-of-service (DoS) attacks.

Mobile security - the protection of portable devices, such as smartphones, tablets and laptops. Mobile security, also known as wireless security, secures the devices and the networks they connect to in order to prevent theft, data leakage and malware attacks.

Network security - the protection of a network infrastructure and the devices connected to it through technologies, policies and practices. Network security defends against threats such as unauthorized access, malicious use and modification.

Security concepts and principles

Security in IT is a broad concept that blankets many different ideas and principles. Some of the most important security concepts and principles are:

Defense in depth - a strategy that uses multiple countermeasures to protect information and is based on the military principle that it's more difficult for an enemy to beat a multilayered defense system than it is to beat a single layer.

Least privilege - a principle that limits user and program access to the lowest possible level of access rights in order to strengthen security.

Vulnerability management - an approach to security that requires checking for vulnerabilities, identifying them, verifying them, mitigating them and patching the vulnerabilities.

Risk management - the process of identifying, assessing and controlling risks to an organization's IT environment.

Patch management - an area of systems management that involves acquiring, testing and installing patches and updates for flawed code in applications, operating systems and firmware.

Application lifecycle management - the concept of protecting all stages of the development of an application to reduce its exposure to bugs, design flaws and configuration errors, such as not changing default passwords that could be exploited by attackers.

While there are many other concepts and principles that make up security, these are some of the most important. The combination of all of these principles will not guarantee security for an organization, but it puts the organization in a better position to defend itself from infosec threats.

This was last updated in January 2017

Join the conversation

5 comments

How do you think security has evolved and changed? Does anything remain the same?

Security is one of the most important issues in the world, and without security we can't live. However, security is one of the essential issues, so when we have the best security I promise that we can improve all our needs and country forever.

That's true @amirsafi522. Security to protect our digital data is incredibly important and it's among the top concerns in IT.

Today, cybersecurity is NOT implemented across the entire Cyber System. We need to provide Security for the entire Cyber System to be fully secure.

Security should always be defined as a "Work in Progress"; we should always be looking to see how we can improve our security and systems/networks etc.