Information security is becoming one of the most important assets of the 21st century, Nowadays it takes lots of effort to make information safe and secure.
In this article, we will explain to you some pieces of stuff about information security like its definition, principals, policies, etc.
Information Security Definition
Information security means that the security of our data from unauthorized access, basically it is the practice of preventing data from unwanted, unauthorized, illegal, unlicensed access. It is used to protect data from being misused, disclosure, destruction, modification, and disruption. Information can be physical or electronic.
Information security can also be called (InfoSec).
Information security Vs Cybersecurity
Information security and cybersecurity are related to security but both cover different objectives and scopes with some overlap. Information security is based on protection, covering cryptography, mobile computing, and social media.
Whereas cybersecurity is based on covering Internet-based threats and digital data. Additionally, cybersecurity provides coverage for raw, unclassified data while information security does not.
|It deals with the protection of data and information.||It all about protects from cyber attacks.|
|Information security strives against unauthorized access, disclosure modification, and disruption.||Cybersecurity strikes against Cybercrimes, cyber frauds, and law enforcement.|
|It deals with information Assets and integrity confidentiality and availability.||It deals with threats that may or may not exist in the cyber realm such as protecting your social media account, personal information, etc.|
Information security principles
The principles of information security are based on CIA that is confidentiality, integrity, and availability.
We can easily understand this thing by its name(confidentiality) which means that only confidential persons are allowed to access the data. It is one of the basic elements of information security. To ensure confidentiality one needs to use all the techniques designed for security like a strong password or network security key, encryption, authentication, and defense against penetration attacks.
Integrity means to prevent our data for unwanted changes or maintaining data in its correct state, either accidentally or maliciously. There are many techniques where we can prevent our data to been modified and there are some tools also which can able to protect data integrity.
The term availability is somehow related to confidentiality where we make sure that your data is not accessible by unauthorized person but authorized persons can easily access it.
Availability in information security means matching network and computing resources to compute data access and implement a better policy for disaster recovery purposes.
Information security policies
Information security policy is a document that an enterprise draws up, based on its specific needs and quirks. It helps to establish what data to protect and in what ways. These policies guide an organization during the decision making about procuring cybersecurity tools. It also mandates employee behavior and responsibilities.
- A statement describing the purpose of the infosec program and your overall objectives
- Definitions of key terms used in the document to ensure shared understanding
- An access control policy, determining who has access to what data and how they can establish their rights
- A password policy
- It must include the employee’s roles and responsibilities to safeguard data.