Difference between information security and IT security
Answers
There’s a lot of swirl in the industry about Security Organizations lately and the term Information Security seems to be used synonymously with the term IT Security. These are very different functions and should be distinguished as such. With proper alignment between these two functions you can ensure that your Security functions are purposefully aligned with the business strategy and vision of your CEO and board of Directors.
Let’s start with Information Security. Information Security is the governance of Security, typically within the context of Enterprise (business) operations. The governance of Security includes tasks such as defining policy, and aligning the overall company security strategy with the business strategy. Information Security governance solves “business level” issues and this function transcends the IT department. To appropriately govern Information Security in an Enterprise setting IT must be treated as any other business unit and is a consumer of the Information Security service the same as Legal, HR, Finance, Facilities, etc. This function of Information Security governance is pervasive to your business and should provide end-to-end coverage of the entire business.
Now for IT Security. IT Security is the management of security within IT. IT Security Management teams should be translating Information Security strategy into technical IT Security requirements. They are responsible for IT Risk Management, Security Operations, Security Engineering and Architecture, and IT Compliance. The IT Security Management function should “plug into” the Information Security governance framework.