IT Security vs Information Security

A pet peeve of mine is when Information Security is interchanged with IT (Information Technology) Security. Over the many years working in this profession, I’ve heard people, clearly working in the Information Security realm, state they work in IT Security (though their job/role dictates otherwise).

People working for a CISO (Chief Information Security Officer and not a Chief Information Technology Security Officer) cannot always tell the difference.

It is accurate to say that IT security is a component of Information Security. Sometimes a CISO is tasked with giving clarity to an IT Organization regarding their role to reduce “not my job” syndrome. Hopefully this graphic helps.


Some of the technical areas are usually absorbed into IT Operations, for example, Hardware Hardening. Governance will establish that hardware must be hardened; IT Operations will follow suit and harden as they build.

Incident response should come from everybody being vigilant and reporting what they see. The police don’t just respond to what they see themselves, but they respond to what is reported by the public.

 
