A degree may open the door to a variety of opportunities and diverse career paths. The degree programs offered at AIU will not necessarily lead to the featured careers. This collection of articles is intended to help inform and guide you through the process of determining which level of degree and types of certifications align with your desired career path.
Terms like information security (InfoSec), cybersecurity and information technology (IT) security sound pretty similar, and in some ways they are. Despite this overlap, these words have distinct meanings for those who work to keep an organization’s assets safe from hackers and others driven by malicious intent. If InfoSec is an umbrella term that encompasses both physical and electronic data,1 and cybersecurity is concerned with cyber, aka internet-based, threats2—and not all threats to a company’s assets come from cyberspace—then what is IT security?
IT security can be thought of as a sort of hybrid of the two, one that combines the electronic data elements of InfoSec (IT security isn’t concerned with information stored in (un)locked file cabinets, so to speak) with cybersecurity strategies to protect against data breaches. The objective of IT security is to maintain the integrity of an organization’s electronic data assets by safeguarding them against unauthorized access and malware attacks.
Why Is IT Security Important?
Having discussed what IT security is, let’s explore a few of the reasons it is so important.
- One reason IT security has become necessary for organizations big and small is the ever-present threat users face from malware, such as ransomware and spyware. Effective IT security can decrease the chances that malware will breach an organization’s network.
- In the event an organization becomes the target of a cyberattack, there needs to be a plan of action for responding to the attack and minimizing damage. An incident response plan (IRP), defined as “documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious cyberattacks against an organization’s information systems(s),”3 is an essential component of maintaining the integrity, confidentiality and even the existence of an organization’s data assets following a cyberattack.
- IT security helps protect against internal threats as well. It plays a key role in managing data access within an organization. For example, in any organization, certain employees will have access to certain data that others do not—an employee who tries to access electronic information without proper authorization can pose just as much of a threat as a faceless hacker.
Types of IT Security
Internet Security
Perhaps one of the more widely known types of IT security is internet security—a collection of measures that protect against ransomware, spyware and other types of malware. Antivirus software and firewalls are among the main types of IT security strategies for safeguarding against cyber threats.4
Cloud Security
Cloud computing may be defined as “the practice of storing regularly used computer data on multiple servers that can be accessed through the Internet.”5 As it’s become increasingly common to save, download and back up data to and from the cloud as opposed to doing so directly on a device, it’s become increasingly necessary for IT departments to develop effective cloud security measures.
Network Security
Network security is the set of protective measures put in place to stop unauthorized and/or malicious users from accessing an organization’s computer network and related devices. Also referred to as “network defense,” network security measures protect the computer, computer network or system itself; its data; and the physical and virtual infrastructure controlled by that computer, computer network or system.6 Antivirus software, firewalls, encryption and multifactor authentication are just a few of the types of network security measures that an IT department might choose to implement.7
Application Security
Application software is a type of software, distinct from system software such as an operating system, that has been designed to carry out specific tasks, for example, creating documents, spreadsheets, databases, websites, etc.8 Application security refers to the practice of ensuring that applications are created with safeguards built in that lessen their vulnerability to attack.4
Endpoint Security
One of the first lines of defense against cyber threats, endpoint security concerns the security of internet-connected, end-user devices, including laptops, desktops, cell phones and tablets. To help accomplish this, endpoint protection platforms (EPPs) examine files as they enter an organization’s network to help identify and block malware and viruses before they reach the end-user’s device.9
Data Security
Protecting the integrity of data can involve more than protecting it from unauthorized access or theft. IT security measures also need to manage data redundancy—the repetition of data in more than one location. Why? Because data redundancy can lead to data inconsistency and corruption as well as take up unnecessary storage space.10
AIU’s BSIT and MSIT Programs in Information Assurance and Security
Pursuing an IT degree program with a concentration/specialization in information assurance and security could help you prepare to seek out a new career path in the world of IT or advance your current IT knowledge.
AIU’s Bachelor of Science in IT—Information Assurance and Security and Master of Science in IT Security programs are designed to provide an opportunity to develop critical IT security skills and knowledge, all while providing the flexibility you may need to help you make your academic goals a reality.
1 U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Computer Security Resource Center, Glossary: Information Security, https://csrc.nist.gov/glossary/term/information_security (last visited 4/26/23).
2 U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Computer Security Resource Center, Glossary: Cybersecurity, https://csrc.nist.gov/glossary/term/cybersecurity (last visited 4/26/23).
3 U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Computer Security Resource Center, Glossary: Incident Response Plan, https://csrc.nist.gov/glossary/term/incident_response_plan (last visited 4/26/23).
4 CISCO, What Is IT Security?, https://www.cisco.com/c/en/us/products/security/what-is-it-security.html (last visited 4/26/23).
5 Merriam-Webster Dictionary, s.v. “cloud computing,” https://www.merriam-webster.com/dictionary/cloud%20computing (last visited 4/26/23).
6 U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Computer Security Resource Center, Glossary: Network Defense, https://csrc.nist.gov/glossary/term/network_defense (last visited 4/26/23).
7 CompTIA, Network Security: What Is It, Why Does It Matter and What Can You Do to Make Networks More Secure?, https://www.comptia.org/content/guides/network-security-basics-definition-threats-and-solutions (last visited 4/26/23).
8 Britannica, 5 Components of Information Systems, https://www.britannica.com/story/5-components-of-information-systems (last visited 4/26/23).
9 Trellix, What Is Endpoint Security?, https://www.trellix.com/en-us/security-awareness/endpoint/what-is-endpoint-security.html (last visited 4/26/23).
10 IT Definitions, s.v. “data redundancy,” https://www.defit.org/data-redundancy/ (last visited 4/26/23).
AIU cannot guarantee employment, salary, or career advancement. Not all programs are available to residents of all states. REQ1933180 4/23