What is InfoSec?

Author: Doc Toolss

Information Security is also known as InfoSec, it is all about securing information from unauthorised access which can be done through tools, processes deployed to protect sensitive business information from modification, disruption, destruction and inspection.

This information can be anything from the data stored in your personal laptops, mobiles or anything stored on your social media platform.

There are three pillars of Information Security which are commonly known as :

C – Confidentiality

The information which is not disclosed to unauthorised individuals, entities and process. For example, if we say I have a password for my Facebook account but someone has seen me entering the password through shoulder-surfing when I was trying to login to my account. In such a scenario my password has been compromised and confidentiality has been breached.

I – Integrity

It means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorised way.

For example, if a person has been diagnosed with untreated disease and dies due to the same then in this scenario his confidential data such as account details should be updated and closed by the bank authorities to reflect the status as ACCOUNT CLOSED so that data is complete and accurate and in addition to this only authorised person should be allowed to edit the account holders details.

A – Availability.

It means information must be available when needed. For example: if an employee who joins a new organisation and the new company wants to do a background check for this employee so in such a scenario the authorities need to share the information related to the employee when needed to the authorised source.

Difference between InfoSec and CyberSecurity?

Information security and cybersecurity are often confused. InfoSec is a crucial part of cybersecurity, but it refers exclusively to the processes designed for data security. Cybersecurity is a more general term that includes InfoSec.

Types of InFosec:Application SecurityCloud SecurityCryptographyInfrastructure SecurityIncidence ResponseVulnerability Management

Application Security: It is a wide topic in which consists of software security in laptop or system, mobiles and APIs. There are vulnerabilities which may be found in users data which could also be the integrity of code and configuration.

Cloud Security: It is based on building and hosting of applications over cloud. Business to make sure that the cloud based applications are running in a secure shared environment.

Infrastructure Security: The security of internal, external networks, server networks and mobile devices etc.

Incidence Response: It is the function that investigates and monitors for malicious behaviour.

Vulnerability Management: The process of scanning the weaker points such as unpatched Softwares has the maximum risk ability compared to others.I t is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.

About DocTooLss :

"We make Technology EaZy via Docs"

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com