Information security incorporates all types of information, including those on paper (analog) or in people's heads. IT security is only one part of information security and covers only information processed with information technology (IT). Data protection, on the other hand, exclusively covers the protection of personal data, regardless of how it is processed. All three areas - information security, IT security, data protection - have many intersections and correspondingly overlapping threat scenarios and protection measures.

Information Security
© Universität Münster

Protection Goals of Information Security

Protection goals of information security
The protection goals of information security (according to BSI IT-Grundschutz/ISO 27001) are confidentiality, integrity and availability of data. It is therefore necessary to protect both official and personal data

  • against data leakage (confidentiality)
    • e.g. due to phishing, malware, theft
  • against data manipulation (integrity)
    • e.g. due to operating errors, internal perpetrators, malware
  • against data loss (availability)
    • e.g. due to operating errors, crypto trojans (ransomware), hardware failures
Protection Goals
© Universität Münster

Risk Scenarios

The three protection goals can be endangered by different scenarios. Regardless of whether the data is digital or analog, the following threats can lead to loss of confidentiality, integrity and/or availability of data:

  • Force majeure: fire, water, lightning, illness,...
  • Organizational deficiencies: lack of or unclear regulations, lack of concepts, lack of resources,...
  • Human carelessness: Disclosure of confidential information to unauthorized persons, circumvention of security measures,...
  • Technical failure: System crash, hard disk crash,...
  • Intentional actions: Hackers, viruses, crypto trojans,...