Information security definition

 security exam objectives

Information security, sometimes abbreviated to infosec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it's being stored and when it's being transmitted from one machine or physical location to another. You might sometimes see it referred to as data security. As knowledge has become one of the 21st century's most important assets, efforts to keep information secure have correspondingly become increasingly important.

Information security vs. cybersecurity

Because information technology has become the accepted corporate buzzphrase that means, basically, "computers and related stuff," you will sometimes see information security and cybersecurity used interchangeably. Strictly speaking, cybersecurity is the broader practice of defending IT assets from attack, and information security is a specific discipline under the cybersecurity umbrella. Network security and application security are sister practices to infosec, focusing on networks and app code, respectively.
Obviously, there's some overlap here. You can't secure data transmitted across an insecure network or manipulated by a leaky application. As well, there is plenty of information that isn't stored electronically that also needs to be protected. Thus, the infosec pro's remit is necessarily broad.

Information security principles

The basic components of information security are most often summed up by the so-called CIA triad: confidentiality, integrity, and availability.
  • Confidentiality is perhaps the element of the triad that most immediately comes to mind when you think of information security. Data is confidential when only those people who are authorized to access it can do so; to ensure confidentiality, you need to be able to identify who is trying to access data and block attempts by those without authorization. Passwords, encryption, authentication, and defense against penetration attacks are all techniques designed to ensure confidentiality.
  • Integrity means maintaining data in its correct state and preventing it from being improperly modified, either by accident or maliciously. Many of the techniques that ensure confidentiality will also protect data integrity—after all, a hacker can't change data they can't access—but there are other tools that help provide a defense of integrity in depth: checksums can help you verify data integrity, for instance, and version control software and frequent backups can help you restore data to a correct state if need be. Integrity also covers the concept of non-repudiation: you must be able to prove that you've maintained the integrity of your data, especially in legal contexts.
  • Availability is the mirror image of confidentiality: while you need to make sure that your data can't be accessed by unauthorized users, you also need to ensure that it can be accessed by those who have the proper permissions. Ensuring data availability means matching network and computing resources to the volume of data access you expect and implementing a good backup policy for disaster recovery purposes.
In an ideal world, your data should always be kept confidential, in its correct state, and available; in practice, of course, you often need to make choices about which information security principles to emphasize, and that requires assessing your data. If you're storing sensitive medical information, for instance, you'll focus on confidentiality, whereas a financial institution might emphasize data integrity to ensure that nobody's bank account is credited or debited incorrectly.

Comments

Post a Comment

Popular posts from this blog

what jobs can i get with a comptia a+ certification

 what jobs can i get with a comptia a+ certification CompTIA A+ is the industry standard for establishing a career in IT and is the preferred qualifying credential for technical support and IT operational roles. Companies like Intel, Dell, Ricoh, Nissan, Blue Cross and Blue Shield and HP all look for the CompTIA A+ certification when hiring for jobs like IT support specialist, IT field service technician, desktop support analyst and help desk tier 2 support. Having IT certifications makes a great first impression when you’re looking for a job. According to the International Data Corporation (IDC), 96 percent of human resources managers use IT certifications as screening or hiring criteria during recruitment.* Learn more about all the places you career can go with CompTIA certifications. If you’re looking to get into IT, keep reading to learn more about types of entry-level jobs that CompTIA A+ validates the skills for. What Is an IT Support Specialist? The IT support team maintains t
Read more

why a+ certification jobs

  a+ certification jobs Among the certifications available for computer professionals, A+ is probably the one cited most often as a starting point for careers in information technology (IT). More than 260,000 people have received A+ certification, viewing it as a way to find jobs as computer service technicians or to gain enough skills to move on to further training. Sponsored by CompTIA, an industry organization, A+ certifies skills in entry-level PC technology. It is a vendor-neutral certification, with an emphasis on the expertise needed to work as a computer service technician, troubleshooting and repairing PCs. Given its popularity, it is no surprise certain misconceptions have developed about A+ certification , especially among people just thinking about getting started in IT. Is A+ certification a "must" for entry-level IT jobs? Is it for programmer wannabes? Technicians? Here is a guide to help you decide whether A+ certification is right for you. Is A+ certification
Read more

What Do You Need to Know about the CompTIA A+

 comptia a+ certification jobs To become CompTIA A+ certified , there are two exams that you must take and pass. These exams are much like any other written test you may have taken in the past. The exams each contain different types of questions that are used to validate your knowledge in specific areas. It’s difficult to say how hard the exams are, because every test-taker has a different level of IT experience, knowledge, and skills. Further, individuals may have a different way of approaching exams and a different level of anxiety about test-taking. The important thing to remember when you are wondering about how hard the CompTIA A+ certification exams will be, is that the more prepared you are, the better you will do. Part of that preparation is knowing what to expect on the exams. To receive the CompTIA A+ certification you have to pass two exams, 220-1001 (Core 1) and 220-1002 (Core 2). These exams were recently launched (January 2019) with the following new objectives: Demonstr
Read more