IT-security

What distinguishes IT-security from information security?

IT (information technology) is a tool for managing information. Security in IT-systems and IT-infrastructure is called IT-security. It is part of the overall concept of information security, which deals with all types of information, including handwritten and spoken information.

  • Information security: Preservation of the confidentiality, integrity and availability of information.

  • IT-security: Preservation of the confidentiality, integrity and availability of information in digital systems.

The term cybersecurity is also used and in principle means the same as IT-security.

IT-system

IT-systems are digital tools that support different processes. They can be anything from smaller proprietary applications in standard programs to large overall business systems.

Administrative processes can, for example, be supported by financial systems, case management systems, diary systems and personnel management systems. These are often standard systems that are adapted to the organisation’s own activities.

Why Standardize?

A standard is a common way of solving a common problem. It is a way to achieve transparency and avoid misunderstandings. You save energy by not having to think of everything yourself. Instead, you can lean on something that has been proven: standards are developed and verified by leading experts around the world. For an organization, there are several advantages to using established standards as a basis for selecting and implementing security measures:

  • It utilizes accumulated knowledge.

  • A generally known quality stamp.

  • Benefits of collaborating with others.

  • Facilitates procurements and requirements for external partners.

Some important things to keep an eye on

Computers and mobile devices

Almost all computers are connected to the internet. This also often applies to workplace mobiles and tablets.

Secure software and apps

Only download software and apps from known sources. Update them continuously.

Protect networks

The company's firewalls must be secure and passwords strong. Important information should be encrypted.

Secure external IT services

Establish legal agreements with external providers of IT services.

Check permissions

There must be clear routines for which IT systems employees have access to.

Train staff

The human factor accounts for most IT-related incidents. Everyone in an organisation must have the knowledge and understanding required to reduce the risk of mistakes.

The security requirements must govern

Because IT-systems can look so different and be used in a variety of environments and for different purposes, the security requirements for a system also vary. It is the responsible owner of the system and of the information in it who must set the requirements for the system's security. The security requirements shall be based on the protection value of the information and the risks to which the system is deemed to be exposed. The security requirements shall govern which security measures are to be included in the system in, for example, the following areas:

  • User instructions - Rules for login and password management.

  • Authentication - Simple authentication or multi-factor authentication.

  • Permissions - Who should have access to different parts of the system.

  • Incident management - Detection, reporting, investigation and measures in the event of incidents.

  • Encryption - Requirements for encrypting sensitive information.

  • Education - Related to different roles such as users, administrators, technicians.

  • Traceability - Special routines for logging (recording) activities.

  • Backup - Requirements for backup procedures.
