IndustryHub

IT Cybersecurity (Information Technology)

Securing the corporate information system — endpoints, servers, cloud, applications, data. ISO 27001, NIST CSF, Zero Trust, defense in depth, governance and compliance with GDPR / NIS2 / DORA. The digital counterpart of OT security, with its own logic and tool ecosystem.

CIA triad — IT security foundation

Three properties to guarantee simultaneously. Unlike OT (priority Availability > Integrity > Confidentiality), IT traditionally puts Confidentiality > Integrity > Availability — but the trade-off depends on business context.

Confidentiality (C)

Data is only accessible to authorized people. Encryption (TLS, AES-256, RSA), data classification, access controls (IAM, ABAC, RBAC), data loss prevention (DLP).

Integrity (I)

Data is not modified in unauthorized ways. Digital signatures, hashing (SHA-256), version controls, immutable audit trail, file integrity monitoring (FIM).

Availability (A)

Systems and data remain accessible to legitimate users. Redundancy, high availability, disaster recovery plan, backups, anti-DDoS protection, capacity planning.

IT cybersecurity key domains

Eight technical and cultural domains that combine. None is more important than the others — the weakest link sets the real security level.

Identity and Access (IAM)

The new perimeter. SSO (Okta, Microsoft Entra, Ping), MFA everywhere, privileged access management (PAM — CyberArk, BeyondTrust), entitlement reviews, separation of duties, identity lifecycle.

Endpoint security

Successors of antivirus: EDR (CrowdStrike, SentinelOne, Microsoft Defender) then XDR aggregating endpoint + network + cloud + email. Behavioural analysis, MITRE ATT&CK technique detection.

Network security

Next-gen firewalls (Palo Alto, Fortinet, Check Point), micro-segmentation (Illumio, Guardicore), VPN gradually replaced by ZTNA, TLS inspection, IDS/IPS, Network Detection & Response.

Cloud security

The shared responsibility model changes the game. CSPM (Cloud Security Posture Management — Wiz, Prisma), CWPP (workload protection), CASB (SaaS visibility), SSPM (SaaS posture), KMS, Cloud IAM, secrets management (HashiCorp Vault).

Data protection

Classification (public / internal / confidential / secret), encryption at-rest and in-transit, DLP (Microsoft Purview, Symantec, Forcepoint), masking and tokenization for test environments, lifecycle management, GDPR right to be forgotten.

Application security (DevSecOps)

Shift security left. SAST (static analysis — SonarQube, Checkmarx), DAST (dynamic test — Burp, OWASP ZAP), SCA (dependencies — Snyk, Mend), secrets scanning, container hardening, SBOM signatures.

SOC, SIEM, SOAR

Security Operations Centre — humans + tools. SIEM for log collection and correlation (Splunk, Microsoft Sentinel, Elastic, Wazuh), SOAR for orchestration and automated response (Palo Alto XSOAR, Splunk SOAR), threat intelligence (MITRE ATT&CK, MISP).

Awareness and human factor

80% of incidents start with a human. Simulated phishing (KnowBe4, Cofense), targeted e-learning by job role, tabletop exercises, communication that informs without creating anxiety. Tech without culture never suffices.

Zero Trust — the modern paradigm

"Never trust, always verify." Abandonment of the "castle and moat" model (strong perimeter + trusted interior) in favour of continuous verification of each access. Reference NIST SP 800-207. Three structural principles.

Verify explicitly

Always authenticate AND authorize, based on all available signals: identity, device, location, system state, data classification, anomalies.

Least privilege

Limit access Just-In-Time and Just-Enough-Access. Risk-based policies. Data protected by default. No permanent admin accounts.

Assume breach

Design as if the attacker is already inside. Micro-segmentation, end-to-end encryption, continuous analytics and detection, automated response, regular red-team exercises.
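An added illustration, not code from this page or from NIST SP 800-207: the three principles expressed as a deny-by-default access decision that weighs identity, device posture, anomaly risk and Just-In-Time grants per data class. The resource catalogue, policy thresholds and signal names are assumptions made for the example; the data classes reuse the page's public / internal / confidential / secret scale.

```python
from dataclasses import dataclass

# Constructed resource catalogue: which roles may reach a resource, its data class,
# and whether it is privileged enough to require Just-In-Time elevation.
RESOURCES = {
    "wiki":          {"roles": {"employee"}, "class": "internal",     "jit": False},
    "hr-payroll-db": {"roles": {"hr-admin"}, "class": "confidential", "jit": True},
}
# Minimum signal requirements per data class; risk is an assumed 0-100 anomaly score.
POLICY = {
    "public":       {"mfa": False, "managed_device": False, "max_risk": 100},
    "internal":     {"mfa": True,  "managed_device": False, "max_risk": 70},
    "confidential": {"mfa": True,  "managed_device": True,  "max_risk": 40},
    "secret":       {"mfa": True,  "managed_device": True,  "max_risk": 20},
}

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    resource: str
    mfa_verified: bool
    device_managed: bool     # enrolled in MDM (assumed signal)
    device_compliant: bool   # EDR running, disk encrypted, patched (assumed signal)
    network: str             # "corp" / "vpn" / "internet": logged, deliberately never trusted on its own
    risk_score: int          # output of an assumed anomaly engine
    jit_grant_active: bool   # Just-In-Time elevation currently approved

def decide(req):
    """Evaluate one access against every signal. Deny by default; return (verdict, reason)."""
    res = RESOURCES.get(req.resource)
    if res is None:
        return "DENY", "unknown resource"
    rule = POLICY[res["class"]]
    # Least privilege: a role must explicitly grant the resource.
    if not (req.roles & res["roles"]):
        return "DENY", "no role grants this resource"
    # Least privilege: privileged resources need an active JIT grant, no standing admin access.
    if res["jit"] and not req.jit_grant_active:
        return "DENY", "Just-In-Time elevation required"
    # Verify explicitly: device posture and anomaly signals are checked whatever the network.
    if rule["managed_device"] and not (req.device_managed and req.device_compliant):
        return "DENY", "device not managed or not compliant"
    if req.risk_score > rule["max_risk"]:
        return "DENY", f"risk score {req.risk_score} exceeds limit {rule['max_risk']}"
    # Identity assurance: missing MFA is recoverable, so ask for step-up rather than deny.
    if rule["mfa"] and not req.mfa_verified:
        return "STEP_UP", "MFA required for this data class"
    return "ALLOW", "all signals satisfied"
```

Note that `network` never influences the verdict: a request from the corporate LAN without MFA still gets a step-up, which is exactly the departure from the castle-and-moat model.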

Major incidents

Five attacks that defined the decade, each revealing a blind spot of modern IT security — patching, supply chain, open source dependencies, IAM.

2017: WannaCry (150 countries, UK NHS)

Ransomware exploiting EternalBlue (Windows SMB vulnerability stolen from the NSA). 300,000 machines infected in 4 days. Demonstrated what is at stake in patching and internal segmentation.

2017: Equifax (USA, data of 147 M people)

Apache Struts vulnerability left unpatched for 2 months. Massive identity leak (SSN, DOB, card numbers). $1.4 B fine. CEO resigned.

2020: SolarWinds (18,000 customers incl. US gov + Microsoft)

Supply chain attack: SolarWinds Orion build compromised. A legitimately-signed update deployed a backdoor to 18,000 organizations including US federal agencies.

2021: Log4Shell ("The entire internet")

Critical 10/10 CVSS vulnerability in the Java log4j2 library — used by millions of applications. Unauthenticated RCE triggered simply by logging a JNDI lookup string. Months of global panic.

2023: MOVEit (2,700 organizations, data of 95 M people)

SQL injection 0-day in MOVEit Transfer (Progress) exploited by CL0P. Ransomware with exfiltration ("double extortion"). Hit BA, BBC, Sony, Shell, US government agencies.

EU regulatory framework

RGPD / GDPR

EU Regulation 2016/679 — applicable since May 2018

Personal data protection. Principles: lawfulness, purpose, minimization, accuracy, storage limitation, integrity-confidentiality, accountability. Breach notification within 72 h. Fines up to 4% of global turnover or €20 M.

NIS2

EU Directive 2022/2555 — transposed Oct 2024

Cybersecurity of "essential and important entities". Covers IT and OT. Risk analysis, technical measures, executive training, incident notification within 24 h. Fines up to €10 M or 2% of global turnover for essential entities.

DORA

EU Regulation 2022/2554 — applicable since Jan 2025

Digital Operational Resilience Act — financial sector. 5 pillars: ICT risk management, incident management, resilience testing (TLPT), ICT third-party management, information sharing. Strictest EU framework.

AI Act

EU Regulation 2024/1689 — phased 2025-2027

First worldwide regulatory framework for AI. Risk-based approach: unacceptable / high / limited / minimal. Reinforced obligations for high-risk systems (health, HR, justice, critical infrastructure). Direct link with model and training-data cybersecurity.

Standards and frameworks

  • ISO 27001:2022 — Information Security Management System (ISMS) — international reference
  • ISO 27002:2022 — 93 organizational, technical and physical security controls
  • ISO 27005 — Information security risk management
  • NIST CSF 2.0 — Cybersecurity Framework — 6 functions (Govern, Identify, Protect, Detect, Respond, Recover)
  • NIST SP 800-207 — Zero Trust Architecture — the official reference
  • CIS Controls v8 — 18 controls classified by implementation groups (IG1 → IG3)
  • OWASP Top 10 — Top 10 web application risks — developer reference
  • MITRE ATT&CK — Global knowledge base of attacker tactics and techniques

See also

OT Cybersecurity

The industrial counterpart: Purdue model, IEC 62443, NIS2 for ICS, plant defense.

Tools

NIST CSF maturity assessment, ISO 27001 checklist, GDPR effort calculator — under development.