Frequently asked questions
There is no official definition of these terms: they are interpreted differently depending on the context, and they point in the same direction. On the basis of their characteristics, however, the gradations can be described and the terms told apart:

IT security describes the measures with which companies and their data are to be protected from damage and threats. This includes, for example, networks, cloud services and computers.

The term cyber security (internet security) extends IT security to include the internet factor. Since most systems today communicate via the internet, the two terms are often equated.

Information security goes beyond IT security. It encompasses the general protection of information, whether that information is held in electronic systems or in non-technical or analogue systems. In addition, unlike data protection, information security makes no distinction as to whether the information is personal or not. The term is mainly found in the IT-Grundschutz catalogues of the Federal Office for Information Security (BSI) and is used to identify and combat vulnerabilities in IT environments. Suitable measures to ensure the confidentiality, availability and integrity of data can be found in the BSI IT-Grundschutz catalogues as well as in the ISO/IEC 27000 series.

Data protection deals with the protection of data and is sometimes described as a component of information security, since information security is more comprehensive. The term is often linked with data protection. Nevertheless, it also makes no difference to data protection whether the data has a personal reference or not, or whether it is digital or analogue. In contrast to the GDPR (DSGVO), the question is not whether the data may be processed, but how it can best be protected.