Contents

 Introduction to IT Security

 What is IT Security?
 What Are The Different Types Of IT Security?
 IT Security versus Cybersecurity
 What Are the Types of IT Security?
 Checklists for IT Security
 For Small Businesses:
 For Larger Entities:
 Need Help?
 References

Page 1
Introduction to IT Security

As Internet use is developing, more and more companies are opening their information
system to their partners and suppliers. Therefore, it is essential to know which of the
company's resources need protecting and to control system access and the user rights of the
information system. The same is true when opening company access on the Internet.
Moreover, because of today's increasingly nomadic lifestyle, which allows employees to
connect to information systems from virtually anywhere, employees are required to carry a
part of the information system outside of the company's secure infrastructure.

Page 2
What is IT Security?
Hackers are smarter these days, thereby it is important to implement efficient IT security
software that can prevent computer systems from the online dangers. Online fraudsters aim at
stealing or damaging the hardware, software or electronic data. Ever since the advent of the
Internet of Things (IoT) and the rise of the cloud - enterprises (small & big) are facing
increased vulnerabilities. The other reasons could be that they are less monolithic, legacy
architectures and more distributed, microservice-based networks. Overall, computers play a
vital role in the management of all businesses. When IT security software fails, each and
every element of the business will be exposed to online threats. In such situations, it is likely
to impact on the productivity, profits and customers experience, so, clients may also opt for
other companies. With all these things happening in the background- financial losses will
increase by the minute. Not to forget, IT Security isn't just a quality parameter; it can cause a
havoc if not chosen carefully. Besides that, it also requires revisiting at regular intervals.

In this article, we’ll explore on IT Security Vs Cybersecurity Vs Network Security and what
is the best technology for businesses across the globe. With these insights, arm your network
with the right people and plans to increase your defense and keep threats at bay!
IT Security Vs Cybersecurity Vs Network Security: Is There a Difference?

What Are The Different Types Of IT Security?

Since the beginning of the 21st century, the concept of Information Technology (IT) has
shifted significantly. To the average person, IT no longer means possessing the capability to
simply search the web using keywords, neither does it focus only on clunky desktop
computers. With technology’s evolution, IT has expanded to include numerous subsets —
from programming to engineering to security to analytics and beyond. The “information”
aspect includes far more than obtaining sensitive data or protecting it. Systems now possess
the capabilities for complex queries, extrapolating data, predicting future events, and even
advising officials. This access and wealth of knowledge inevitably led to the expansion of the
IT security field. Are you familiar with the basics of cybersecurity? Read on to learn about
the different types of IT security and how you can protect your business.

IT Security versus Cybersecurity

Page 3
 Although closely related, IT security
differs slightly from cybersecurity. IT is broader in nature and focuses on protecting all of an
entity’s data — whether that data be in electronic or a more physical form.

For example, IT security would encompass securing keypads that allow access to a room full
of data files.

Cybersecurity tends to focus on criminal activity facilitated specifically through the Internet.
In many cases, such criminal activity affects an entities electronic data and daily operations.

Despite the slight differences, IT security and cybersecurity roles and frameworks often
overlap. If a business has both an IT and cybersecurity department, the precautions of one
department will likely parallel those of the other. Regardless, it’s worth understanding the
general differences and similarities before considering the various categories of IT security.

In general, IT security includes databases, software, applications, servers, and devices. In

order to ensure protection, IT security also includes the concept of information assurance.
Information assurance refers to the acronym CIA – confidentiality, integrity, and availability.

What Are the Types of IT Security?

Depending on which experts you ask, there may be three or six or even more different types
of IT security. Each security expert has their own categorizations. Furthermore, as networks
continue to expand with the cloud and other new technologies, more types of IT security will
emerge.

However, for the most part, there are three broad types of IT security: Network, End-Point,
and Internet security (the cybersecurity subcategory). The other various types of IT security
can usually fall under the umbrella of these three types.

1. Network security 

Page 4
At its simplest, network security refers to the interaction between various devices on a
network. This includes the hardware and the software. Network security, according to SANS
Institute, strives to protect the underlying networking infrastructure from unauthorized
access, misuse, malfunction, modification, destruction, or improper disclosure, thereby
creating a secure platform for computers, users, and programs to perform their permitted
critical functions within a secure environment. One of the major goals is to prevent
unauthorized personnel or device access.

For thorough network security, start with configuration. Make sure that from the get go all
device configuration incorporates reasonable preventative measures. Next, put in place a
detection system. For example, detection software analyzing logins could check for
irregularities. Finally, set up response protocol for if and when a breach occurs. This will
ensure smooth communication and hopefully minimize the damages of the network
insecurity.

Some common methods of network protection include two-factor authentication, application

whitelisting, and end-to-end encryption. Additionally, using a security framework, such as
NIST’s cybersecurity framework, will help ensure best practices are utilized across
industries. Whether the framework is more cybersecurity or IT based is a marginal concern,
the key is to have some set of guidelines to follow when setting up or improving security
operations.

2. End-Point Security

Another key to IT security focuses on the devices involved. It is crucial to verify that only
authenticated devices access the system or data. In other words, endpoint security targets
security threats from a device-level viewpoint (e.g., laptops, cell phones, tablets). Each new
connection on an entity’s network widens then the threat intelligence field.

End-point protection software may include privileged user control, application controls, data
controls, intrusion detection, and encryption. Encryption ensures the integrity of data being
transferred, while application security controls protect against dangerous downloads on the
user’s end. Furthermore, security departments typically install such software not only on the
device in question, but also on the company’s server. When a security update occurs, the
central server pushes the update to all end-point devices, thus ensuring a certain level of
security uniformity. Likewise, having a central sign-in page allows enterprises to monitor
who logs on and tracks any suspicious behavior.

Page 5
3. Internet Security

Internet security, as noted above, tends to fall under the name of cybersecurity. It deals
largely with the transit of information. For example, imagine you send an email, and while
that message is in transit, a third party sweeps in and takes it before the message is delivered
to its intended recipient (i.e., man-in-the-middle attack). Such hijackings are just one of many
examples of crimes regarding the Internet. In such a case encryption serves as one method of
defense, making any stolen information significantly less valuable to the perpetrator.

In particular, Secure Sockets Layer (SSL) and Transport Layer Security (TSL) are forms of

encryption and authentication commonly used by business for their online platforms. They
create public and private keys when interactions with customers take place, ensuring the
integrity of the data during transactions. Sites using such encryption methods will usually
have https in the address bar along with a small lock icon. Other common security measures
for the Internet include firewalls, tokens, anti-malware/spyware, and password managers.

Beyond network, end-point and Internet security, the introduction and expansion of the cloud
and the extensive application market also warrants attention. Cloud security parallels on
premise security procedures in that the goals are generally the same – to protect stored date
and data in transfer. The main difference lies in the expansion of the security “border.”

With the widened perimeter to protect, Redhat suggests a layered approach, taking the time to
build in security defense in layers (e.g., encryption, multi-factor identification) at every level
of the cloud (i.e., hosted resources delivered to a user via software). If not building an
internal/company cloud, cloud providers also offer different security tools and protective
measures. In either case, cloud management plays a key role in securing Internet
infrastructures.

Checklists for IT Security

Understanding the different sectors of IT security helps significantly when trying to organize
a strong defense against intruders. However, like most defense strategies, the plan will vary
depending on the resources available.

Consequently, below are two separate checklists – one for small businesses and one for larger
entities. Many of the smaller business recommendations apply to larger firms as well. Even if

Page 6
the checklist seems overwhelming at first, the goal is to take tangible steps to further bolster
security. Such checklists help overcome the information overload of simply reading about
best practices and current security concerns.

For Small Businesses:

Although small and large companies both struggle with internal breaches, smaller companies
tend to have more vulnerabilities to such kinds of attacks. For example, an employee
unwittingly downloads a malicious link for a supposed free vacation on a company computer.
It’s easy to make such mistakes when you don’t know what you are looking for. However,
because smaller companies often lack the resources to quickly combat and rebound after the
attack, they must put in more effort to combat internal security risks. So what can small to
medium companies do?

1. Educate employees 

Make sure to create an IT security plan and disseminate it to all employees. For
example, education awareness training policies should include password guidelines, external
download procedures, and general security practices. It’s crucial to know why your team
needs cyber security education.

Likewise, draft a policy directed at vendors or contractors. Even though it expands the
security policy boundary, including vendors and contractors is vital, as consumers will likely
still blame a small company for a breach even if the vendor was actually to blame. Having a
clear third-party cyber risk assessment policy will assist entities facing repercussions in the
aftermath of a security breach.

Additionally, small businesses should outline clear physical security measures to protect
customer information, such as locking filing cabinets and keeping private information well
out of reach of any wandering eyes and restricting physical access to cardholder data.

2. Data Redundancy 

First, analyze how information is stored. Is critical information stored in only one location? If
yes, consider how this information would be affected in the event of a ransomware attack.

Ransomware could cripple a business if data is only stored in one central location. Storing
essential data backups (i.e., what is needed for minimum daily operations) in secure off-site

Page 7
location will ensure operations do not completely halt if a hacker or malicious code
compromises a system. Furthermore, such backups should be updated on a regular basis.
However, if storing data off-site, it is again important to verify such off-site servers and
equipment is secure (e.g., utilizing encryption).

3. Hardware and Internet Security 

Make sure company computers update whenever new security patches become
available. Password management requirements should also be outlined in the company
security policy. For example, encourage employees to use passphrases or complex passwords
and to change them from time to time.

If passwords are difficult to remember, consider using a password manager.

ConsumerAdvocate.org published a list of top password managers for 2019. Also, install
anti-virus software and establish a procedure for downloading/installing new software. For
the Internet, monitor internet connection points and consider using a virtual private network
(VPN). Lastly, invest in Internet intrusion software.

4. Upkeep 

Put in place an audit system to test your cyber incident response plan, review current security
status, and evaluate if any areas need improvement. Auditing every six months is a general
good practice for small entities.

For Larger Entities:

Larger entities tend to deal with more extensive or sophisticated attacks. Such attacks center
on the field of cybersecurity. A 2017 Clutch large business survey found that phishing proved
the most common type of attack followed by Trojans.

General concepts apply to large businesses as well – inform employees, monitor compliance,
and enforce security policies. However there are some scenarios unique to larger enterprises.

1. Remote work policies 

Larger companies increasingly offer the option for employees to work at home. Not only is
this option cheaper for them, as it reduces overhead costs, but it also appeals to both young

Page 8
and old workers (e.g., less time in traffic appeals to older generations and less traffic is better
for the environmental which appeals to younger generations). However, remote work
expands the threat environment and makes it more difficult for IT departments to control.

There are a few steps every company can take to improve the safety of remote work.

First, educate employees on the difference between suspicious emails and password
protection. Likewise, emphasize the importance of utilizing a work computer only for work;
the more programs (not work related) downloaded onto the computer, the more vulnerable
the machine becomes.

Second, provide a VPN for remote workers to help mitigate Wi-Fi breaches of your WiFi
security having been krack’d and install the ability to remotely wipe the computer in the
event the device falls into the wrong hands.

Lastly, take advantage of cloud computing. Using the cloud offers another layer of security as
cloud service providers, like Amazon and Google, have significant resources to allocate for
securing their cloud platforms.  

2. Investing in new technology

Bigger companies have a greater number of employees to monitor and often locations to
secure. Consequently, they will have to invest in more extensive defense mechanisms. Using
automated security tools will reduce the manpower needed for constant monitoring. For
example, the Open Web Application Security Project (OWASP) provides a list of viable web
application security scanners. Other useful tools include penetration(e.g., AttackIQ
FireDrill) and intrusion testing (e.g., Bricata) software.

Needless to say, there is a plethora of advanced cybersecurity software available to help

companies protect their assets, but companies must first understand the validity of investing
in such tools.

Need Help?

So what’s the overall takeaway? Every business, and to a certain extent every individual,
should implement IT security measures. For mid to large sized businesses, this will include a
heavier emphasis on cyber security. The key is to evaluate where your business is at now and
create a plan based on any weaknesses. It is also vital to research the best products out there

Page 9
and find the ones that will best fit your entity’s needs. To get started on an IT
or cybersecurity solutions plan today, contact RSI Security.

References

https://blog.rsisecurity.com/what-are-the-different-types-of-it-security/

https://ccm.net/contents/635-introduction-to-it-security

https://www.edureka.co/blog/what-is-computer-security/

https://its.ucsc.edu/security/training/intro.html

https://one.comodo.com/blog/cyber-security/it-security.php

Page
10