Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization’s digital assets. The goal of IT security is to protect these assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as threat actors.

IT security consists of two areas: physical and information.

Physical security: Physical security is the protection of people, hardware, software, network information and data from physical actions, intrusions and other events that could damage an organization and its assets. Safeguarding the physical security of a business means protecting it from threat actors, as well as accidents and natural disasters, such as fires, floods, earthquakes and severe weather. That said, people are a large part of the physical security threat.

Information security: Information security is also referred to as infosec. It includes strategies used to manage the processes, tools and policies that protect both digital and nondigital assets. When implemented effectively, infosec can maximize an organization’s ability to prevent, detect and respond to threats.