Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
Information security and cybersecurity are often confused. InfoSec is a crucial part of cybersecurity, but it refers exclusively to the processes designed for data security. Cybersecurity is a more general term that includes InfoSec.
An ISMS is a set of guidelines and processes created to help organisations in a data breach scenario. By having a formal set of guidelines, businesses can minimise risk and can ensure work continuity in case of a staff change. ISO 27001 is a well-known specification for a company ISMS.
In 2016, the European Parliament and Council agreed on the General Data Protection Regulation. In the spring of 2018, the GDPR began requiring companies to:
All companies operating within the EU must comply with these standards.
Certifications for cybersecurity jobs can vary. For some companies, their chief information security officer (CISO) or certified information security manager (CISM) can require vendor-specific training.
More generally, nonprofit organisations like the International Information Systems Security Certification Consortium provide widely accepted security certifications. Certifications can range from CompTIA Security+ to the Certified Information Systems Security Professional (CISSP).
Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in authentication or authorisation of users, integrity of code and configurations, and mature policies and procedures. Application vulnerabilities can create entry points for significant InfoSec breaches. Application security is an important part of perimeter defense for InfoSec.
Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. “Cloud” simply means that the application is running in a shared environment. Businesses must make sure that there is adequate isolation between different processes in shared environments.
Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Digital signatures are commonly used in cryptography to validate the authenticity of data. Cryptography and encryption has become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES). The AES is a symmetric key algorithm used to protect classified government information.
Infrastructure security deals with the protection of internal and extranet networks, labs, data centres, servers, desktops, and mobile devices.
Incident response is the function that monitors for and investigates potentially malicious behavior.
In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.
Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritising remediation based on risk.
In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.