What is the goal of IT security?
Information has become increasingly valuable over the last few years, which makes protecting it all the more important. Information security is defined by the three IT protection goals of availability, integrity and confidentiality. These must be maintained. In addition, there are further aspects: authenticity, attributability, non-repudiation and reliability.
Confidentiality in information security means that information is accessible only to certain authorized persons. For example, the data it contains may only be accessed by a certain group of people. In other words, access protection must be defined, and access rights must be assigned accordingly. Another central point of confidentiality is the transport of data. This should always be encrypted, symmetrically or asymmetrically, so that unauthorized persons do not gain access to the contents.
Information integrity is intended to ensure that content and data are always complete and accurate. Likewise, the systems must all function properly for their intended purpose. For example, data must not be altered by any transmission or processing. This also means that unauthorized third parties must not have the possibility to delete or replace (parts of the) data. If such a case occurs, it must be ensured that this type of manipulation is prevented, or that the security gap can be detected and cleaned up.
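As an added example (not part of the original text), the following sketch shows one way to detect the alteration, replacement or deletion of data described above. It uses a chain of HMAC-SHA256 tags, a technique chosen for this illustration; the key, the sample records and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed sample data and key (assumptions for this example only).
KEY = b"constructed-demo-key"
RECORDS = [b"invoice 1001: 250.00 EUR", b"invoice 1002: 80.00 EUR", b"invoice 1003: 1200.00 EUR"]
START = b"\x00" * 32  # fixed starting value for the tag chain


def record_tag(key, prev_tag, index, record):
    # Each tag covers the previous tag, the position and the content, so a
    # record cannot be changed, moved or swapped without breaking the chain.
    msg = b"rec" + prev_tag + index.to_bytes(8, "big") + record
    return hmac.new(key, msg, hashlib.sha256).digest()


def end_tag(key, count, last_tag):
    # Binds the number of records, so cutting records off the end is detected.
    msg = b"end" + count.to_bytes(8, "big") + last_tag
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(key, records):
    # Sender side: one tag per record plus a final tag over the record count.
    tags, prev = [], START
    for i, rec in enumerate(records):
        prev = record_tag(key, prev, i, rec)
        tags.append(prev)
    return tags, end_tag(key, len(records), prev)


def verify(key, records, tags, final):
    # Receiver side: recompute the chain and report the first inconsistency.
    prev = START
    for i, rec in enumerate(records):
        prev = record_tag(key, prev, i, rec)
        # compare_digest avoids leaking the match position through timing.
        if i >= len(tags) or not hmac.compare_digest(prev, tags[i]):
            return f"record {i} altered, replaced or out of order"
    if not hmac.compare_digest(end_tag(key, len(records), prev), final):
        return "records deleted or appended"
    return "ok"


if __name__ == "__main__":
    tags, final = seal(KEY, RECORDS)
    print(verify(KEY, RECORDS, tags, final))
    print(verify(KEY, RECORDS[:-1], tags[:-1], final))
```

A tag on each record alone would not reveal that a record was removed; the chaining and the final tag over the record count are what make deletion visible.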
Ensuring the availability of the respective information means that the processing of data within the systems takes place smoothly. Data must be correctly retrievable at the desired time. This means that IT systems must be protected against failure. That is why load tests are used to check limits, so that business operations are maintained in any case.