{"id":66,"date":"2007-05-27T00:29:00","date_gmt":"2007-05-27T00:29:00","guid":{"rendered":"http:\/\/mayanktrivedi.net\/technotes\/2007\/05\/27\/it-security-v-s-information-security\/"},"modified":"2022-04-06T20:23:49","modified_gmt":"2022-04-06T20:23:49","slug":"it-security-v-s-information-security","status":"publish","type":"post","link":"http:\/\/mayanktrivedi.net\/technotes\/2007\/05\/27\/it-security-v-s-information-security\/","title":{"rendered":"IT Security V\/S Information Security"},"content":{"rendered":"<p><span style=\"color: rgb(0, 0, 102);\"><span style=\"font-family:verdana;\"><span style=\"font-size:100%;\">IT Security and Information Security are two different domains that are often mistaken for one.  Though the two have some areas in common, by and large IT Security is a subset of Information Security.<\/p>\n<p>IT Security deals with the technical set of controls and revolves more around the technological deployments across the Business to store, process, generate or transmit the Information.  In contrast, Information Security also covers additional functions such as Business Operations, Legal, Human Resources, Facility Management etc., i.e. 
Information Security also encompasses the various departments that deal with data\/information in formats other than electronic.<\/p>\n<p>The controls that form part of IT Security revolve around the following heads &#8211;<br \/><\/span><\/span><\/span><\/p>\n<ol style=\"color: rgb(0, 0, 102);\">\n<li>IT Risk Assessment<\/li>\n<li>IT Asset Classification and Management<\/li>\n<li>Logical Access Control<\/li>\n<ol>\n<li>User Management<\/li>\n<li>Password Guidelines<\/li>\n<li>Access Rights and Permissions<\/li>\n<li>Login Restrictions<\/li>\n<\/ol>\n<li>Physical Access Control<\/li>\n<ol>\n<li>To the Data Center \/ Server Room<\/li>\n<li>To End User Terminal<\/li>\n<\/ol>\n<li>Emanation Security &#8211; <span style=\"font-style: italic;\">dealing with Cabling security etc.<\/span><\/li>\n<li>Communication Security &#8211; <span style=\"font-style: italic;\">dealing with security during electronic transmission<\/span><\/li>\n<li>Systems Development, Acquisition and Management<\/li>\n<ol>\n<li>In-house Development<\/li>\n<li>Out-Sourced Development<\/li>\n<li>Off the Shelf Purchase<\/li>\n<li>System Change Management<\/li>\n<\/ol>\n<li>End User Computing<\/li>\n<ol>\n<li>Access to End User Development &#8211; <span style=\"font-style: italic;\">Usage of Scripts and Macros in documents and spreadsheets<\/span><\/li>\n<li>Access to Install Custom Programs and Freeware<\/li>\n<li>File Sharing through Local Shares<\/li>\n<li>Email and Internet Usage<\/li>\n<li>Acceptable Usage of IT Resources<\/li>\n<\/ol>\n<li>Disaster Recovery Planning<\/li>\n<ol>\n<li>Backup and Archiving<\/li>\n<li>DR Site Planning<\/li>\n<li>Fault Tolerance and Site Redundancy Planning<\/li>\n<\/ol>\n<li>Network and Operations Management<\/li>\n<ol>\n<li>Network Documentation<\/li>\n<li>Network Controls<\/li>\n<li>IP Addressing and Network Zoning<\/li>\n<li>Network Performance Monitoring and Capacity Management<\/li>\n<li>Remote Connectivity and 
Remote Access Management<\/li>\n<li>Usage of Cryptographic Techniques<\/li>\n<li>Operations Management<\/li>\n<li>Malicious Content Management<\/li>\n<li>Incident Monitoring and Management<\/li>\n<li>Media Handling and Storage<\/li>\n<li>Audit Logging and Log Retention<\/li>\n<li>Segregation of Development, Test and Production Environments<\/li>\n<\/ol>\n<\/ol>\n<p><span style=\"color: rgb(0, 0, 102);\">The <\/span><span style=\"font-weight: bold; font-style: italic; color: rgb(0, 0, 102);\">Additional Control Areas<\/span><span style=\"color: rgb(0, 0, 102);\"> that form part of Information Security can be listed as &#8211; <\/span><\/p>\n<ol style=\"color: rgb(0, 0, 102);\">\n<li>Physical and Environmental Security &#8211; <span style=\"font-style: italic;\">Encompasses Emanation and Cabling Security along with deployment of Human Personnel, CCTV Monitoring mechanisms etc.<\/span><\/li>\n<li style=\"font-style: italic;\">Third Party Operations<\/li>\n<li>Business Continuity Management<\/li>\n<li>Compliance Audit and Management<\/li>\n<li>Human Resource Security &#8211; <span style=\"font-style: italic;\">Identifying the human resources involved in operations as a source of threat<\/span><\/li>\n<li>Business Threat and Risk Assessment including Business Impact Analysis<\/li>\n<\/ol>\n<p><span style=\"font-weight: bold; font-style: italic;font-size:85%;\" >References &#8211;<\/p>\n<p>ISO\/IEC 17799, ISO\/IEC 27001, CObIT<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IT Security and Information Security are two different domains that are often mistaken for one. Though the two have some areas in common, by and large IT Security is a subset of Information Security. 
IT Security deals with the technical set of controls and revolves more around the technological deployments across &hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,26,72,44],"tags":[],"class_list":["post-66","post","type-post","status-publish","format-standard","hentry","category-information-security","category-information-security-controls","category-it-security","category-it-security-controls","entry entry-center"],"_links":{"self":[{"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/posts\/66","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/comments?post=66"}],"version-history":[{"count":1,"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/posts\/66\/revisions"}],"predecessor-version":[{"id":207,"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/posts\/66\/revisions\/207"}],"wp:attachment":[{"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/media?parent=66"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/categories?post=66"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/mayanktrivedi.net\/technotes\/wp-json\/wp\/v2\/tags?post=66"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}