Information and data are assets worth protecting. Access to these should therefore be restricted and controlled within the company. Only authorised users or programs should be able to access the information. The following general protection goals form the basis for any IT security strategy:
- Confidentiality: Data may only be read or changed by authorised users. This applies both when accessing stored data and during data transmission.
- Integrity: Data must not be changed unnoticed. All changes must be traceable.
- Availability: System failures must be prevented. Access to data must be guaranteed within an agreed time frame.
- Authenticity: This refers to the properties of authenticity, verifiability and trustworthiness of an object.
- Binding/non-repudiation: This means that "no unauthorised denial of actions performed" is possible. Among other things, this is important when concluding contracts electronically. Electronic signatures are one solution for this.
- Attributability: An action performed can be clearly attributed to a communication partner.
- Anonymity: Required in certain contexts.
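The difference between integrity and non-repudiation in the list above is easiest to see in code. The following Go program is an added example, not part of the original text: it protects a constructed contract string first with an HMAC (a shared secret, enough to detect unnoticed changes but not to prove who created the tag, since both parties hold the same key) and then with an Ed25519 electronic signature, which only the holder of the private key can produce and which anyone with the public key can verify. The contract text, key names and function names are assumptions chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample contract text exchanged between a customer and a supplier.
const contract = "Supplier delivers 100 units at 12.50 EUR each by 2025-01-31."

// integrityTag computes HMAC-SHA256 over msg with a key shared by both parties.
// The receiver can detect any change to msg (integrity), but because both
// parties know the key, either of them could have produced the tag, so it
// cannot bind the action to one party (no non-repudiation).
func integrityTag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// verifyIntegrityTag recomputes the tag and compares it in constant time.
func verifyIntegrityTag(key, msg, tag []byte) bool {
	return hmac.Equal(integrityTag(key, msg), tag)
}

// Signer holds an Ed25519 key pair. Only the private half can sign, so a valid
// signature attributes the action to the key holder (attributability) and the
// holder cannot later deny it (binding / non-repudiation).
type Signer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair; in practice the private key would be
// stored in a protected key store, not generated per run.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Pub: pub, priv: priv}, nil
}

// Sign produces a signature over msg with the private key.
func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.priv, msg)
}

// VerifySignature can be run by anyone holding the public key, including a
// third party settling a dispute; it needs no secret at all.
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	msg := []byte(contract)
	tampered := []byte("Supplier delivers 100 units at 2.50 EUR each by 2025-01-31.")

	// Integrity only: shared secret between the two parties.
	shared := []byte("shared-secret-known-to-both-parties") // constructed
	tag := integrityTag(shared, msg)
	fmt.Println("HMAC tag:            ", hex.EncodeToString(tag))
	fmt.Println("original verifies:   ", verifyIntegrityTag(shared, msg, tag))
	fmt.Println("tampered verifies:   ", verifyIntegrityTag(shared, tampered, tag))

	// Non-repudiation: the supplier signs with a key only it holds.
	supplier, err := NewSigner()
	if err != nil {
		panic(err)
	}
	sig := supplier.Sign(msg)
	fmt.Println("signature verifies:  ", VerifySignature(supplier.Pub, msg, sig))
	fmt.Println("tampered verifies:   ", VerifySignature(supplier.Pub, tampered, sig))

	// A different party's key cannot validate the supplier's signature, which is
	// exactly what lets the signature be attributed to the supplier alone.
	other, _ := NewSigner()
	fmt.Println("wrong key verifies:  ", VerifySignature(other.Pub, msg, sig))
}
```

The HMAC check and the signature check both fail on the altered price, so both give integrity. Only the signature can be checked by a third party without any secret and only fails to verify under a different key, which is the property an electronic signature contributes to binding and attributability.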
The above list shows that there is no one-size-fits-all solution for IT security and that it should be customised for each individual company. However, a comparison of the company's own business model with the above-mentioned objectives provides important cornerstones for the requirements of an IT security solution. This should be accompanied by a cost-benefit analysis.
