IT Security
IT Security is mainly focused on the IT infrastructure itself: servers, storage and networking devices. It is usually split into two areas:
System Security – mainly focused on server security, i.e. server hardening (patching, configuration baselines, access control).
Network Security – mainly focused on networking devices such as firewalls, routers, switches, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and so forth.
IT Security is focused on complying with the policies that Information Security has created.
It is predominantly defensive security (anti-virus, firewalls, IPS and so forth) and is mostly concerned with the operational side of Defence-in-Depth (DiD): running and maintaining the layered controls rather than deciding what those layers should be.
Information Technology (InfoTech, or simply IT) is driven by top management or the leadership team.
IT Security staff are the ones who patch vulnerabilities after receiving the vulnerability report from the InfoSec team.
Information Security
Information Security is mainly focused on ensuring the protection of information across the entire organization, not just on the devices that hold it.
IT Security is a subset of Information Security.
Information Security mainly focuses on creating policies, which IT Security then implements.
InfoSec also owns the offensive security activities, such as:
Vulnerability Assessment – identifying and analysing vulnerabilities and notifying the IT team so they can be fixed. VA is a key focus in the industry because it reveals the gaps in the IT infrastructure well before they fall into the hands of malicious hackers. Note that a VA only finds and rates weaknesses (typically with a scanner); it does not exploit them, which is what separates it from a penetration test.
Penetration Testing – simulates what malicious hackers do, but without causing any harm to the information. PenTest is more focused and more effective than VA at analysing and resolving vulnerabilities, because findings are actually exploited to demonstrate real impact. It also considers the human element: the art of deception, or social engineering.
PT is very much like a military operation: it is carried out against an organization only after proper approval (and an agreed scope) has been obtained from the CISO (Chief Information Security Officer), and the PT team is usually headed by a CPT (Chief Penetration Tester).
Forensic Investigation – reconstructs how a crime or incident took place by acquiring and analysing digital evidence and, where necessary, reverse engineering the artefacts involved (for example malware found on a compromised system).