IT information security is one part of comprehensive information security, which also covers non-digital information.
A company’s IT information security is assessed against the requirements of the ISO/IEC 27000 standard, which describes the procedure for ensuring basic IT protection. Companies can have the conformity of their information security management system (ISMS) with this standard certified.
The basic requirement of IT system security is that IT systems fulfil the function expected of them (functional security). This also includes fail-safety and information security (resilience). The latter is intended to ensure that information is reliably available at all times. This availability of information can be ensured by redundancy of critical hardware components, by data storage and data backup, or by mirroring.
It should not be possible to manipulate information (integrity). Every change to data must be documented in a traceable manner. In this context, the authenticity and traceability of messages play an important role: it must be possible to prove that a message received corresponds to the message sent and that it was actually sent by the identified sender. For contractually relevant messages, the binding nature (non-repudiation) must also be ensured. This is relevant for electronic signatures.
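As an added illustration of the integrity and authenticity checks described above (this code is not part of the original text; the key, message and function names are assumptions), the following Python shows a receiver verifying that a message is unchanged and was tagged by a holder of the agreed key:

```python
import hashlib
import hmac
import secrets

# Constructed sample key that sender and receiver agreed on out of band.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sign_message(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag that binds the message to the key holder."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """True only if the message is unchanged and was tagged with this key."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the three cases a receiver cares about: genuine, altered, impostor."""
    # Constructed contractual message.
    order = b"order-4711: 200 units, deliver 2024-06-01"
    tag = sign_message(SHARED_KEY, order)

    # Integrity failure: the quantity was changed in transit, tag left as-is.
    tampered = order.replace(b"200", b"900")
    # Authenticity failure: a party without the agreed key cannot produce
    # (or successfully verify against) a valid tag.
    impostor_key = secrets.token_bytes(32)

    return {
        "authentic": verify_message(SHARED_KEY, order, tag),
        "tampered": verify_message(SHARED_KEY, tampered, tag),
        "wrong_sender": verify_message(impostor_key, order, tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

A shared-key MAC lets the receiver check integrity and origin, but because both parties hold the same key it cannot provide the binding (non-repudiation) property the text requires for contractual messages; that needs an asymmetric electronic signature, whose verification follows the same accept-or-reject pattern.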
In addition, information must not be accessible to unauthorized third parties (confidentiality).