Toriality's Blog

infosec

created_at:

June 4, 2024 at 5:40 PM

last_updated:

July 15, 2024 at 8:11 PM

What is Information Security?

Information security (also referred to as InfoSec) is a set of tools and processes that organizations use to protect information. This includes policy settings that prevent unauthorized people from accessing business or personal information. InfoSec is a growing and evolving field that covers a wide range of topics, from network and infrastructure security to testing and auditing.

The consequences of security incidents include theft of private information, data tampering, and data deletion. Attacks can disrupt work processes and damage a company's reputation, and also have a tangible cost.

What are the 3 principles of information security?

Confidentiality

Confidentiality measures are designed to prevent unauthorized disclosure of information. The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions.

Integrity

Integrity includes protection against unauthorized changes (additions, deletions, etc.) to data. The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously.

Availability

Availability is the protection of a system's ability to make software systems and data fully available when a user needs them (or at a specified time). The purpose of availability is to ensure that a system is always available when needed.

Information Security vs Cybersecurity

Information security and cybersecurity differ in both scope and purpose. More accurately, cybersecurity is a subcategory of information security.

Cybersecurity primarily addresses technology-related threats, with practices and tools that can prevent or mitigate them. Another related category is data security, which focuses on protecting an organization's data.

Information Security Policy (ISP)

An ISP is a set of rules that guide individuals when using IT assets. Companies can create ISPs to ensure that employees and other users follow security protocols and procedures. Security policies are intended to ensure that only authorized users can access sensitive systems and information.

Creating an effective security policy and taking steps to ensure compliance is an important step towards preventing and mitigating security threats.