Classical IT-Security is centered around the assets governed by the IT organization, and therefore in reality information security and IT security are used to describe that same thing. Protecting the assets of the IT organization is good, but at the end the real value of security is to protect the assets that are important for the overall organization. This becomes obvious when IT services more and more move into the Cloud, and users more and more bring their own devices to work with. Who will stay in the security game thus needs to switch from protecting IT assets to protecting Information Assets which are critical to the organization.
This presentation will give an overview on how to move from IT and System Security to Information Security.