Learning Lab Home/IT/IT Security

IT Security

  • FAQ
  • Courses
  • Certifications
  • Careers
  • Jobs
  • Companies
  • Skills
  • Articles

What is IT security?

IT security is a series of security concepts, tools and practices that are utilized to mitigate threats and safeguard data in the face of an attack. IT security is broader in nature than cybersecurity and encompasses the protection of all of an entity’s data, including databases, software, applications, servers and devices.

What are the different types of IT security?

  • Generally speaking, all IT security concepts can fall into three buckets: network security, end-point security and internet security.

IT security covers a vast range of concepts, meaning that there may be many concepts that may be deserving of their own category. This becomes more true as security threats and solutions continue to expand. However, the simplest way to categorize IT security concepts is by dividing them into three types: network security, end-point security and internet security.

Network security refers to guarding the underlying network infrastructure from unauthorized access, misuse, malfunction, modification, destruction or improper disclosure. End-point security is designed to protect devices attached to the network from cyberattacks and viruses. Computers, mobile devices, laptops and printers attached to the network are protected with software security solutions and policies, including privileged user control, application controls, intrusion detection and encryption. Internet security ensures the well-being of transmitted information through the use of encryption and authentication measures such as a Secure Sockets Layer (SSL) or Transport Layer Security (TSL.)

What are the seven layers of IT security?

  • The seven layers of IT security are the human, perimeter, network, endpoint, application, data and mission-critical layers.

The seven layers of IT security are based on the Open Systems Interconnection (OSI) model, which standardizes the different stages of network communication and their levels of vulnerability. The method is designed to allow security measures to be applicable to each preceding and subsequent layer. The human layer is considered the most vulnerable layer in network communications, with more than 90 percent of data breaches coming due to human error. The best approach to securing this layer is through education and training. The perimeter layer is the outer layer of the network, including all connectivity and access points, which is secured by logging all connected devices and using firewalls, encryption and anti-virus software. The network layer determines what is accessible inside of a system, with mitigation techniques including creating permissions that only give employees access to data they need. The endpoint layer requires heavy encryption of both data and devices, with proper mobile device management protocols becoming increasingly necessary in remote environments. The application layer refers to the software used in business, which can be secured by keeping applications up-to-date. 

The data layer requires the most attention, as it's often the primary target of cybercriminals and may include information such as payment data, social security numbers, healthcare information and intellectual property. File and disk encryption, regular backups, two-factor authentication and wiped data policies are musts at this level. Finally, mission-critical assets like operating systems, health records, software tools, financial records and cloud infrastructure make up the mission-critical layer.

What should be included in an IT security policy?

  • IT security policies include the objective, scope, goals, compliance responsibilities and noncompliance consequences regarding data use.

An organization’s IT security policy identifies an organization’s rules and procedures for individuals accessing and using organizational IT assets and resources. IT security policies are designed to keep assets confidential from unauthorized entities, maintain integrity over the modification of assets, and ensure assets will remain continuously available to authorized users. 

According to the National Research Council (NRC), company IT security policies should contain objectives for the security of data, the scope of how data security will be handled, specific goals intended to be reached in regards to data security and the responsibilities for compliance and actions to be taken in the event of noncompliance with the IT security policy.

Courses

Expand Your IT Security Career Opportunities

Learn IT security and other in-demand information technology skills through one of Udemy’s expert-led courses.

Udemy

Topic:

Learn cyber security best practice tips on securing computer networks from internal & external IT security threats

 

What you'll learn:

  • How to protect and…

4.4
(241)
Udemy

Topic:

Learn the basics of information security and what you need to know to be compliant with data protection regulations

 

What you'll learn:

  • Physical and logical…

4.2
(154)
Udemy

Topic:

Ethical Hacking Unleashed! How to Get to Know Proven Hacking Techniques... Fast

 

What you'll learn:

  • various ethical hacking techniques

  • IT…

4.3
(186)
Udemy

Topic:

Managing Data Protection, physical Data Security and IT Security without Headaches.

 

What you'll learn:

  • Managing Data Protection, physical Data Security and IT…

5.0
(7)
Certifications

IT Security Certifications + Programs

Give your resume a boost with in-demand information technology certifications from Udacity.

You’ll master the skills necessary to become a successful Security Analyst. Learn to identify, correct and respond to security weaknesses and incidents. Plus, get hands-on experience monitoring network traffic, analyzing alert and log data, and following incident handling procedures.

Udacity
Advanced
2 months
5-10 hrs

This program addresses security topics related to corporate environments, which are often distinct from production environments and center around the devices, identities, and infrastructure used by the company’s personnel on a daily basis.

Udacity
Advanced
2 months
5-10 hrs

You’ll master the skills necessary to become a successful Ethical Hacker. Learn how to find and exploit vulnerabilities and weaknesses in various systems, design and execute a penetration testing plan, and report on test findings using valid evidence.

Udacity
Advanced
2 months
5-10 hrs
Careers

Jobs Related to IT Security

Jobs

Latest IT Jobs

Companies

Companies Hiring IT Technicians