What is the objective of IT Security?
The continuity of operations and proper functioning of information systems is critical to most businesses. Threats to data and computerized processes are also threats to business productivity, profitability and effectiveness. The objective of IT security is to put into place measures that will eliminate or reduce these threats to an acceptable level.
Why is IT Security a concern?
IT security -- and specifically cyber or internet security -- has become one of the main concerns at businesses and organizations today. Consider these statistics provided by Trustwave:
75% of data breach incidents last year were aimed at food and beverage and retail companies
85% of data breach incidents last year were aimed at obtaining credit card information
11% of data breach incidents last year were aimed at obtaining sensitive company data and trade secrets
97% of data breach targets last year had an insufficient firewall policy, and 83% had a guessable password
55% of breaches were through remote access application, 8% were through social media and networking, 6% were through e-mail trojan
It is only by being firmly committed to security that businesses can become resilient to attack, reduce the risk of data compromise, and protect their critical data and their reputations.
What needs to be protected, against whom and how?
IT security is essentially the protection of data, computer systems and services against disasters, human errors and sabotage so that the likelihood and the impact of security incidents is minimized.
A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage.
IT security is comprised of the following:
Confidentiality: Sensitive business information and processes are disclosed only to authorised persons. Controls must be put in place to restrict access to the information and processes.
Integrity: The business needs to control modification to business information and processes. Controls are required to ensure that information and processes are unaltered and complete.
Availability: The business needs to have its information and services available when required. Controls are required to ensure the reliability of services.
Legal Compliance: Information/data that is collected, processed, used, passed on or destroyed must be handled in line with current legislation of the relevant countries.
Computer crime is here to stay. It is up to businesses to get serious about the security of their data and their computer processes.
DataHive is very serious about IT Security. Contact us today to see what we can do for you.