
Information security

Information security, also known as InfoSec, refers to the processes and tools designed and deployed to protect sensitive information from modification, disruption, destruction, and inspection.

Overview

Information security is a crucial part of cybersecurity, but it refers exclusively to the processes designed for data security. Cybersecurity is a more general term that includes InfoSec.

Information security covers many areas and often involves implementing various types of security, including application security, infrastructure security, cryptography, incident response, vulnerability management, and disaster recovery. Organizations implement information security for a variety of reasons, but the main objectives are generally related to ensuring confidentiality, integrity, and availability of company information.

  • Confidentiality—preventing unauthorized disclosure of information. The purpose of confidentiality is to keep information private and to ensure it is visible and accessible only to those individuals who own it or need it to perform their organizational functions.
  • Integrity—protecting against unauthorized changes (additions, deletions, alterations, etc.) to data. The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously.
  • Availability—making software systems and data fully available when a user needs them.

Organizations often define an information security policy (ISP), a set of rules guiding individuals using IT assets. Companies can create ISPs to ensure employees and other users follow security protocols and procedures.

The following are security threats organizations face:

  • Unsecured or poorly secured systems
  • Social media attacks
  • Social engineering
  • Malware
  • A lack of encryption
  • Security misconfiguration

Types

Application security

Application security covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in the authentication or authorization of users, the integrity of code, configurations, and mature policies and procedures. Application vulnerabilities potentially create entry points for significant information security breaches.

Cloud security

Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications.

Cryptography

Encrypting data in transit and data at rest ensures data confidentiality and integrity. Digital signatures are commonly used in cryptography to validate the authenticity of data.

Infrastructure security

Infrastructure security deals with the protection of internal and extranet networks, labs, data centers, servers, desktops, and mobile devices.

Incident response

Incident response monitors for and investigates potentially malicious behavior. In preparation for breaches, IT staff build incident response plans for containing the threat and restoring the network.

Vulnerability management

Vulnerability management refers to scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.
