What is information security?

What is the difference between cybersecurity and information security?

Information security (InfoSec) protects all forms of information, digital and physical. Cybersecurity protects all forms of digital information, including computers, handheld devices, cloud, and networks, and can be considered a subset of InfoSec.

What is an information security management system (ISMS)?

An ISMS is a set of guidelines and processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and can ensure work continuity in case of a staff change. ISO 27001 is a well-known specification for a company ISMS.

What is the General Data Protection Regulation (GDPR)?

In 2016, the European Parliament and Council agreed on the General Data Protection Regulation. In the spring of 2018, the GDPR began requiring companies to:

• provide data breach notifications
• appoint a data-protection officer
• require user consent for data processing
• anonymize data for privacy

All companies operating within the EU must comply with these standards.

What certifications are needed for cybersecurity jobs?

Certifications for cybersecurity jobs can vary. For some companies, their chief information security officer (CISO) or certified information security manager (CISM) can require vendor-specific training.

More generally, nonprofit organizations like the International Information Systems Security Certification Consortium provide widely accepted security certifications. Certifications can range from CompTIA Security+ to the Certified Information Systems Security Professional (CISSP).

Types of InfoSec

Application security

Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in authentication or authorization of users, integrity of code and configurations, and mature policies and procedures. Application vulnerabilities can create entry points for significant InfoSec breaches. Application security is an important part of perimeter defense for InfoSec.

Cloud security

Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. “Cloud” simply means that the application is running in a shared environment. Businesses must make sure that there is adequate isolation between different processes in shared environments.

Cryptography

Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Digital signatures are commonly used in cryptography to validate the authenticity of data. Cryptography and encryption has become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES). The AES is a symmetric key algorithm used to protect classified government information.

Infrastructure security

Infrastructure security deals with the protection of internal and extranet networks, labs, data centers, servers, desktops, and mobile devices.

Incident response

Incident response is the function that monitors for and investigates potentially malicious behavior.

In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.

Vulnerability management

Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.

In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.