Information Security

December 7 2021

What is Information Security?

Information security, abbreviated as InfoSec, is the process of safeguarding information by mitigating information risks. It’s a component of information risk management. It typically entails preventing or reducing the likelihood of unauthorized or inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, or modification of information.

Information security is achieved through a structured risk management process that includes:

  • Identifying information and related assets, as well as potential threats, vulnerabilities, and impacts.
  • Evaluating the risks and deciding how to address or treat them, i.e. whether to avoid, mitigate, share, or accept them.
  • Where risk mitigation is required, selecting or designing appropriate security controls and implementing them.
  • Monitoring the activities, making adjustments as needed to address any issues, changes, and improvement opportunities.

Information security mainly relies on three pillars

  • Confidentiality
  • Integrity
  • Availability

Confidentiality

Confidentiality in information security is “the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.” While the terms “privacy” and “security” are similar, they are not interchangeable. 

Confidentiality is a component of privacy that we use to protect our data from unauthorized viewers. Password theft and data theft are examples of a confidentiality compromise.

Integrity

Data integrity in Information security refers to maintaining and ensuring the accuracy and completeness of data throughout its entire lifecycle. This means that data can’t be corrupted or modified in an unauthorized or undetected way. 

Information security systems typically include controls to ensure their own integrity, with a focus on protecting the kernel or core functions from both deliberate and unintentional threats.
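To make "modified in an unauthorized or undetected way" concrete, the following added example (not part of the original post) seals a stored record with an HMAC-SHA256 tag and shows why an unkeyed hash kept next to the data only catches unintentional corruption, not a deliberate change. The record fields, the inline key and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: the key lives somewhere the attacker cannot read or write
# (e.g. a secrets manager); it is generated inline so the example runs offline.
KEY = secrets.token_bytes(32)

def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: catches accidental corruption only."""
    return hashlib.sha256(canonical(record)).hexdigest()

def seal(record: dict, key: bytes = KEY) -> str:
    """Keyed HMAC-SHA256 tag: cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify(record: dict, tag: str, key: bytes = KEY) -> bool:
    """Constant-time comparison avoids leaking how many characters matched."""
    return hmac.compare_digest(seal(record, key), tag)

def demo() -> dict:
    # Constructed sample record.
    record = {"account": "ACC-1001", "balance": 250, "owner": "alice"}
    stored_hash, stored_tag = plain_digest(record), seal(record)

    # Unintentional threat: a value is corrupted in storage.
    corrupted = dict(record, balance=25)
    # Deliberate threat: someone with write access to the storage (but not
    # the key) changes the data and recomputes whatever they can.
    tampered = dict(record, balance=250000)
    forged_hash = plain_digest(tampered)                      # needs no secret
    forged_tag = seal(tampered, key=secrets.token_bytes(32))  # a guessed key

    return {
        "original_ok": verify(record, stored_tag),
        "corruption_detected": plain_digest(corrupted) != stored_hash,
        "plain_hash_fooled": plain_digest(tampered) == forged_hash,
        "hmac_detects_tampering": not verify(tampered, stored_tag),
        "forged_tag_rejected": not verify(tampered, forged_tag),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
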

Availability

Any information system must be available when it is needed for it to serve its purpose. For the system to be fully available, all of the following must be functioning correctly:

  • The computers used to store and process the information.
  • The access controls used to preserve it.
  • The communication channels used to connect it.

Stopping denial-of-service attacks, such as a flood of incoming messages to the target device that effectively forces it to shut down, is also part of ensuring availability.

Conclusion

Maintaining the CIA (confidentiality, integrity, and availability) of information, so that it is not compromised in any way when critical issues arise, is at the heart of information security. These issues include, but are not limited to, natural disasters and computer/server failures.

As a result, in recent years, information security has evolved significantly. There are many opportunities in this field such as securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, etc.
