BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats. This defense includes detection, prevention and response to threats through the use of security policies, software tools and IT services.
Security is critical for enterprises and organizations of all sizes and in all industries. Weak security can result in compromised systems or data, either by a malicious threat actor or an unintentional internal threat. Not meeting security standards that are regulated by a separate organization or law, such as PCI DSS 3.0 or HIPAA compliance, can also result in financial penalties.
Physical security is the protection of personnel, hardware, software, networks and data from physical actions, intrusions and other events that could damage an organization. This includes natural disasters, fire, theft and terrorism, among others. Physical security for enterprises often includes employee access control to the office buildings as well as specific locations, such as data centers. An example of a common physical security threat is an attacker gaining entry to an organization and using a USB storage drive to either copy and remove sensitive data or physically deliver malware directly to systems. Threats to physical security may require less technical savvy on the part of the attacker, but physical security is just as important as information security.
Information security, also called infosec, encompasses a broad set of strategies for managing the process, tools and policies that aim to prevent, detect and respond to threats to both digital and nondigital information assets. Infosec includes several specialized categories, including:
Application security - the protection of applications from threats that seek to manipulate application and access, steal, modify or delete data. These protections use software, hardware and policies, and are sometimes called countermeasures. Common countermeasures include application firewalls, encryption programs, patch management and biometric authentication systems.
Cloud security - the set of policies and technologies designed to protect data and infrastructure involved in a cloud computing environment. The top concerns that cloud security looks to address are identity and access management, and data privacy.
Endpoint security - the part of network security that requires network devices nodes to meet certain security standards before they can connect to a secure network. Nodes devices include PCs, laptops, smartphones and tablets. Endpoint security also extends to equipment like point-of-sale (POS) terminals, bar code readers and IoT devices.
Internet security - the protection of software applications, web browsers and virtual private networks (VPNs) that use the internet. Using techniques such as encryption and internet security aim to defend the transfer of data from attacks like malware and phishing as well as denial-of-service (DoS) attacks.
Mobile security - the protection of portable devices, such as smartphones, tablets and laptops. Mobile security, also known as wireless security, secures the devices and the networks they connect to in order to prevent theft, data leakage and malware attacks.
Network security - the protection of a network infrastructure and the devices connected to it through technologies, policies and practices. Network security defends against threats such as unauthorized access, and malicious use and modifications.
Security concepts and principles
Security in IT is a broad concept that blankets many different ideas and principles. Some of the most important security concepts and principles are:
Defense in depth - a strategy that uses multiple countermeasures to protect information and is based on the military principle that it's more difficult for an enemy to beat a multilayered defense system than it is to beat a single layer.
Least privilege - a principle that limits user and program access to the lowest possible level of access rights in order to strengthen security.
Vulnerability management - an approach to security that requires checking for vulnerabilities, identifying them, verifying them, mitigating them and patching the vulnerabilities.
Risk management - the process of identifying, assessing and controlling risks to an organization's IT environment.
Application lifecycle management - the concept of protecting all stages of the development of an application to reduce its exposure to bugs, design flaws and configuration errors, such as not changing default passwords that could be exploited by attackers.
While there are many other concepts and principles that make up security, these are some of the most important. The combination of all of these principles will not guarantee security for an organization, but it puts the organization in a better position to defend itself from infosec threats.