07-02-2017, 12:57 PM
Information security, sometimes abbreviated to InfoSec, is the practice of preventing unauthorised access to, use, disclosure, interruption, modification, inspection, recording or destruction of information. It is a general term that applies regardless of the form the data takes (e.g., electronic or physical).
IT security
Sometimes referred to as computer security, information technology security is information security applied to technology (most of the time some form of computer system). It is worth noting that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory. Such devices can range from stand-alone non-networked devices, as simple as calculators, to networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any large enterprise or establishment due to the nature and value of the data held within large companies. They are responsible for keeping all technology within the enterprise safe from malicious cyber attacks that often attempt to breach critical private information or gain control of internal systems.
Infosec programs are built around the core objectives of the CIA triad: maintaining the confidentiality, integrity, and availability of IT systems and business data. These objectives ensure that confidential information is disclosed only to authorised parties (confidentiality), that unauthorised modification of the data is prevented (integrity), and that the data can be accessed by authorised parties when requested (availability).
Many large companies employ a dedicated security group to implement and maintain the organisation's infosec program. Typically, this group is headed by a head of information security. The security group is generally responsible for carrying out risk management, a process whereby vulnerabilities and threats to information assets are continuously evaluated and appropriate protection controls are decided upon and applied. The value of an organisation lies in its information; its security is critical to business operations, as well as to retaining credibility and gaining the trust of customers.
Threats to confidential information come in many different forms, such as malware and phishing attacks, identity theft and ransomware. To deter attackers and mitigate vulnerabilities at multiple points, multiple security controls are deployed and coordinated as part of a layered defence strategy. This should minimise the impact of an attack. To be prepared for a security breach, security groups must have an incident response plan (IRP) in place. This should allow them to contain and limit damage, eliminate the cause, and apply up-to-date defence controls.