Information security= IT security PLUS X
In practice, a different approach is sometimes taken, using the rule of thumb "information security = IT security + data protection". However, this statement, written down as an equation, is quite striking. Admittedly, the issue of data protection under the GDPR is about protecting privacy, which requires processors of personal data to have both secure IT and, for example, a secure building environment - thus ruling out physical access to customer data records. However, this leaves out important analog data that does not require personal privacy. For example, company construction plans and much more.
The term information security contains fundamental criteria that go beyond pure IT aspects, but always include them. Thus, comparatively, even simple technical or organizational measures within the scope of IT security are always taken against the background of appropriate information security. Examples of this can be:
- Securing the power supply to the hardware
- Measures against overheating of the hardware
- Virus scans and secure programs
- Organization of folder structures
- Setting up and updating firewalls
- Training of employees, etc.
It is obvious that computers and complete IT systems in themselves would not need to be protected. After all, without information to be digitally processed or transported, hardware and software become useless.