What is data security? A definition
As with the term “data protection”, the question arises here:
What exactly is meant by “data security”?
What examples are there?
The meaning of this term is often not so clear and is usually not used very consistently. Many even use “data security” and “data protection” as synonyms. To get a little clarity on the subject here. We would like to venture a rough definition of data security and answer the question: “What does data security mean?”
In general, data security in Germany includes all technical aspects that serve to protect all kinds of data. Certain goals are pursued in data security, namely:
Confidentiality means that the data can only be accessed by authorized persons. Integrity is also important for encryption information, which stands for the integrity of the data both against manipulation and against technical defects. Finally, availability means that existing data can also be used if necessary.
Measures for security: regulations in the law
Measures to ensure data security can look very different. The technical and organizational measures (TOM) that are provided for data processing bodies in § 9 of the Federal Data Protection Act can serve as an example. As security measures, they indicate various types of control that must be carried out or given.
- Access control
- Disclosure control
- Input control
- Order control
- Availability control
- Separation of data for different purposes
The measures to increase encryption are therefore various control mechanisms that are intended to prevent unauthorized access and thus also knowledge, manipulation, or removal of the data.
Data security: dangers and risks
If we take the goals of encryption as a starting point. The dangers related to data primarily consist of technical defects and third-party access to the data. Which is particularly important when it comes to encryption on the Internet. For example, the encryption of software is insufficient if it does not save the entered data or saves it incompletely or if it is lost.
What is the difference between data protection and data security?
While encryption is primarily about the technical protection of data in general, data protection aims to protect a very specific type of
Data: personal data.
Thus this can be a condition of data protection and constitute a data protection principle. For personal information to be adequately protected, appropriate technical measures must be taken to ensure adequate security and standards must be in place.
While data security is greater about its target quantity. Namely not subject to any restriction on the type of data. Data protection goes further in other respects :
Personal data should not only be technically protected and thus stored securely but their collection. Processing, and disclosure should also be restricted to protect the privacy of the persons concerned.
Data protection, therefore, starts earlier, namely before the information is even available, and then also affects aspects of use in the case of existing material.
The difference between the two concepts becomes clear where the two do not get along: While cloud services can be questionable from a data protection point of view, because the use of external service providers may no longer be traceable and there is also a transmission, outsourcing of the data can be possible in a cloud for data security e.g. B. in the company can be quite useful: Because in this way there is security against possible physical attacks on site.