
IT Security

The definition of IT security as "protection against the loss of confidentiality, integrity, and availability in information technology" forms the basis for understanding modern information security. For a freelancer such as Dipl.-Ing. (FH) Dominic Bilke, who works in web and software development, this definition provides a framework for implementing projects securely and responsibly.

Scientific Framework from the Textbook "IT-Sicherheit"

According to the work by Gerhard Klett, IT security should not be understood as absolute, but rather as a condition in which risks are reduced to an acceptable level through appropriate measures. The three core protection objectives (confidentiality, integrity, availability) must be understood in the context of economic, technical, and organizational conditions. Additionally, the book emphasizes the role of residual risk and the economic feasibility of security measures.

1. Confidentiality in Freelance Practice

When working with customer data, databases, or API integrations, confidentiality is essential. Implementation includes:

  • Encryption of sensitive information (e.g., TLS/SSL for web access, S/MIME for emails)

  • Access controls (e.g., role-based permissions in web applications)

  • Awareness of data protection (GDPR compliance)
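Role-based permissions, as named in the list above, come down to a deny-by-default check that runs before every protected action. The following is an added example (not code from the original post or from the author's projects); the role names, permission strings, User type and the decorated handlers are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Dict, FrozenSet

# Constructed sample policy: which permissions each role grants.
# Anything not listed here is denied, so a new permission stays closed
# until some role is explicitly granted it.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "viewer": frozenset({"project:read"}),
    "editor": frozenset({"project:read", "project:write"}),
    "admin": frozenset({"project:read", "project:write", "project:delete", "user:manage"}),
}


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str] = field(default_factory=frozenset)


class PermissionDenied(Exception):
    """Raised when a caller lacks the permission a handler requires."""


def permissions_for(user: User) -> FrozenSet[str]:
    """Union of the permissions of all roles the user holds; unknown roles grant nothing."""
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(granted)


def is_allowed(user: User, permission: str) -> bool:
    return permission in permissions_for(user)


def require(permission: str) -> Callable:
    """Decorator for request handlers: the check runs before the handler body, every time."""
    def decorator(handler: Callable) -> Callable:
        @wraps(handler)
        def wrapper(user: User, *args, **kwargs):
            if not is_allowed(user, permission):
                raise PermissionDenied(f"{user.name} lacks {permission}")
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator


# Hypothetical handlers standing in for routes of a web application.
@require("project:read")
def view_project(user: User, project_id: int) -> str:
    return f"project {project_id} shown to {user.name}"


@require("project:delete")
def delete_project(user: User, project_id: int) -> str:
    return f"project {project_id} deleted by {user.name}"


if __name__ == "__main__":
    alice = User("alice", frozenset({"admin"}))
    bob = User("bob", frozenset({"editor"}))
    print(view_project(bob, 7))
    print(delete_project(alice, 7))
    try:
        delete_project(bob, 7)
    except PermissionDenied as e:
        print("denied:", e)
```

The point of putting the check in a decorator is that a handler cannot be reached without it; a role that is misspelled or not yet configured resolves to an empty permission set rather than to an error that might be caught and ignored.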

2. Integrity in Development

Code integrity is especially relevant in automated processes or security-critical systems:

  • Version control (e.g., Git with commit signatures)

  • Hashing data (e.g., for download integrity checks)

  • Testing frameworks to avoid unintended changes
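The download integrity check from the list above, written out as an added example (not code from the original post): it streams a file through SHA-256, parses a sha256sum-style checksum list, and fails closed when the file is not listed or the digest differs. The file name, the checksum-list format and the sample payload are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Optional

CHUNK_SIZE = 64 * 1024  # read large downloads in chunks instead of loading them into memory


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """SHA-256 of a file on disk, streamed chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    digests: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line: ignore rather than guess
        digest, name = parts
        digests[name.lstrip("*")] = digest.lower()
    return digests


def verify_file(path: str, expected_hex: str) -> bool:
    """True only if the file's digest equals the expected one (constant-time comparison)."""
    return hmac.compare_digest(sha256_file(path), expected_hex.strip().lower())


def verify_against_checksums(path: str, checksums: Dict[str, str]) -> bool:
    """Look the file up by basename in a parsed checksum list; a missing entry fails closed."""
    expected: Optional[str] = checksums.get(os.path.basename(path))
    if expected is None:
        return False
    return verify_file(path, expected)


def demo() -> tuple:
    """Self-contained walk-through with a constructed file: intact, tampered, unlisted."""
    payload = b"constructed sample release artifact\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "release.tar.gz")
        with open(path, "wb") as f:
            f.write(payload)
        checksums = parse_checksum_file(f"{sha256_hex(payload)}  release.tar.gz\n")
        intact = verify_against_checksums(path, checksums)
        # Overwrite the first byte and re-check: the digest no longer matches.
        with open(path, "r+b") as f:
            f.seek(0)
            f.write(b"C")
        tampered = verify_against_checksums(path, checksums)
        unlisted = verify_against_checksums(os.path.join(tmp, "other.tar.gz"), checksums)
    return intact, tampered, unlisted


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

A digest only proves that the file matches the list; it says nothing about who published the list. For that, the checksum file itself needs a signature, which is the same reasoning behind the signed commits mentioned above.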

3. Availability in Production Systems

Web servers, databases, or IoT applications must be continuously available:

  • Hosting with SLAs and backup concepts

  • Use of monitoring tools (e.g., UptimeRobot, Prometheus)

  • Emergency planning (disaster recovery scenarios)

Policies and Standards

The textbook lists standards such as ISO/IEC 27001 and BSI IT-Grundschutz. These are also relevant for freelancers:

  • Development of an individual security policy (e.g., password lengths, update cycles)

  • Orientation on best practices such as "Security by Design" and "Privacy by Default"

Organizational Integration

Even in one-person businesses, organization is crucial:

  • Regular security updates and documentation

  • Secure handling of client access and passwords

  • Use of secure tools for project management and communication

Conclusion

IT security is not just a technical discipline for freelancers, but an integral part of professional work. Applying the protection goals from the IT security definition and aligning with recognized standards, as described in Gerhard Klett's textbook, leads to responsible and trustworthy service.

Recommendation

These contents should be documented in an IT security concept. As the number of projects grows or the team expands, the gradual introduction of an ISMS (Information Security Management System) based on ISO 27001 is recommended.
