Information security is designed to protect the confidentiality, integrity and availability of information. It is about protecting information and information systems from unauthorized use, access, modification, or removal.
Information security (infosec) is a set of strategies for managing the processes, tools, and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.
Information security handles risk management. It is similar to data security, which has to do with protecting data from being hacked or stolen. Data is classified as information when it means something. All information is data of some kind, but not all data is information.
Information security is not only about securing information from unauthorized access. InfoSec is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
Types of Information Security
1. Application security
Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in authentication or authorization of users, the integrity of code and configurations, and mature policies and procedures.
Application vulnerabilities can create entry points for significant InfoSec breaches. Application security is an important part of the perimeter defense for InfoSec.
2. Cloud security
Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. “Cloud” simply means that the application is running in a shared environment.
3. Cryptography
Cryptography and encryption have become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES). The AES is a symmetric key algorithm used to protect classified government information.
4. Vulnerability management
Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.
In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your business the catastrophic costs of a breach.
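The scan-and-prioritize process described above can be sketched in code. This is an added example, not part of the original article: the package names, hosts, versions, severities and the exposure-weighted scoring rule are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed advisory feed: package -> (first fixed version, severity 0-10).
ADVISORIES = {
    "examplelib": ("2.4.1", 9.8),
    "demo-httpd": ("1.18.0", 7.5),
    "sample-ssl": ("3.0.7", 5.3),
}

# Constructed inventory: (host, internet_facing, {package: installed version}).
INVENTORY = [
    ("web-01", True, {"examplelib": "2.3.9", "demo-httpd": "1.18.0"}),
    ("db-01", False, {"examplelib": "2.4.0", "sample-ssl": "3.0.2"}),
    ("build-01", False, {"demo-httpd": "1.9.0"}),
]

@dataclass
class Finding:
    host: str
    package: str
    installed: str
    fixed: str
    risk: float

def parse_version(text):
    """Turn '1.9.0' into (1, 9, 0) so comparison is numeric, not lexical.
    As plain strings, '1.9.0' would wrongly sort after '1.18.0'."""
    return tuple(int(part) for part in text.split("."))

def scan(inventory, advisories, exposure_weight=1.5):
    """Return findings for unpatched packages, highest risk first."""
    findings = []
    for host, internet_facing, packages in inventory:
        for name, installed in packages.items():
            if name not in advisories:
                continue  # no known advisory for this package
            fixed, severity = advisories[name]
            if parse_version(installed) >= parse_version(fixed):
                continue  # already at or past the fixed version
            # Assumed scoring rule: severity, weighted up for exposed hosts.
            risk = severity * (exposure_weight if internet_facing else 1.0)
            findings.append(Finding(host, name, installed, fixed, round(risk, 2)))
    return sorted(findings, key=lambda f: f.risk, reverse=True)

if __name__ == "__main__":
    for f in scan(INVENTORY, ADVISORIES):
        print(f"{f.risk:5.2f}  {f.host:9} {f.package} {f.installed} -> {f.fixed}")
```

The internet-facing host with the most severe unpatched package comes first in the remediation queue, and the already-patched package on that host produces no finding.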
Objectives of Information Security
- Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes.
- Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way.
- Availability – means information must be available when needed. A denial-of-service attack is one of the factors that can hamper the availability of information.
- Authenticity – means verifying that users are who they say they are and that each input arriving at the destination is from a trusted source. This principle, if followed, guarantees that a message is valid, genuine and received from a trusted source through a valid transmission.
- Accountability – means that it should be possible to trace the actions of an entity uniquely to that entity.
Difference between Information security and Cybersecurity
Information security refers to the processes and techniques designed to protect any kind of sensitive data and information, whether in print or electronic form, from unauthorized access. Information is a valuable asset to every individual and business, which makes it even more important to protect it from theft or damage.
Cybersecurity is a subset of information security which deals with protecting internet-connected systems including hardware, software, programs, and data from potential cyberattacks. It protects the integrity of networks from unauthorized electronic access. Network security is the subset of cybersecurity designed to protect the integrity of any network and data that is being sent through devices in that network.
Jobs in Cybersecurity and Information security
- Information security analyst
- Information security coordinator
- InfoSec officer
- Cybersecurity compliance security analyst
- InfoSec security manager
- Information security engineer
- Cybersecurity analyst
- Program security specialist
- Forensics expert
- Chief information security officer
- Penetration tester