Along with technological advances come new concepts, new areas of knowledge, and new study niches, information security among them. We all have some idea about this subject and its importance.
But really: What is Information Security? What does it consist of?
What Is Information Security?
It is the set of mechanisms and activities that we apply to protect information and, along with it, our business processes, which work precisely by using information.
On the one hand, ordinary processes use information: customers, products, prices, contracts, etc. On the other, an organization's decision-making is based on the information it holds about the organization itself, the market, and the context. Information is, therefore, a high-value asset.
To protect information, it is not enough to protect its supports, the data stores. All the computer systems involved in its management, processing, and communication must be protected as well.
Protecting information consists of maintaining its three pillars: confidentiality, integrity, and availability.
Protecting confidentiality is preventing unauthorized people from accessing information. Often only this feature is thought of. But as we will see, it is not enough to ensure that an organization can continue its business processes.
Integrity is the property of information being kept correct, with no unauthorized alterations. Possible unauthorized alteration includes its destruction. In general, the alteration of information can cause more significant damage, since the decision-making and operations of the organization then take place on incorrect information.
Finally, availability ensures that the information will be accessible whenever needed by authorized personnel. In most cases, it is the most crucial property, and on many occasions the least attended.
Based on these great pillars, we could redefine or detail information security as the mechanisms designed to guarantee that information is available to the organization and its processes (availability); that it is the correct information, without unauthorized alterations (integrity); and that there are no unauthorized accesses (confidentiality).
Security Risk Analysis
Information security risks are very diverse, both in their origin and causes and in their motivation and effects. Therefore, we must always treat them not only as an information risk but as a business continuity risk.
Regarding the affected elements, we can identify two main types of risks: physical and logical. The first are those that affect the infrastructure of information and communication systems. They include but are not limited to: fires, floods, electrical voltage fluctuations, natural disasters, theft, and other breakages. The latter are those that affect the data itself (theft, unauthorized access, manipulation) or the software that we use to manage it.
Having seen the previous examples, we can establish an essential classification according to motivation. On many occasions, we identify hacking and crime as the only risks to information. But unintentional incidents are no less important.
We must not confuse information with digital information. Data on physical media (paper documents, cards, mobile units, etc.) must also be the object of information security. It is also part of the continuity of the business and may be a target for theft and violation of confidentiality.
As a Classification Of Security Mechanisms, We Can Identify:
Elements and processes aimed at identifying the users of the systems and information.
Those used to determine the permissions or degrees of access that each user can have.
Systems and techniques that prevent access to information. They can be physical (security doors, access codes, access cards, etc.) or logical (access screens).
Creation of copies of the data to avoid its loss. Especially important in the face of big disasters or data encryption malware.
Installation and configuration of alternative means that guarantee business continuity in the face of failures of different degrees in the infrastructure.
Encryption of stored information, in such a way that physical access to its support does not allow its use, and encryption of transmitted data to prevent access or manipulation directly on the communication networks.
Destruction of Supports:
Once specific supports, especially physical ones such as paper or mobile units, are no longer necessary, it is advisable to reduce the number of copies. This reduces the chances of access and theft.
Consists of the systems themselves recording accesses and manipulation operations for later analysis and to identify vulnerabilities.