Read the text to answer the question.
Information Security (InfoSec) defined
Information security, often abbreviated InfoSec, is a set of security procedures and tools that broadly protect sensitive enterprise information from misuse, unauthorized access, disruption, or destruction. InfoSec encompasses physical and environmental security, access control, and cybersecurity. It often includes technologies like cloud access security brokers (CASB), deception tools, endpoint detection and response (EDR), and security testing for DevOps (DevSecOps), among others.
Key elements of information security
InfoSec comprises a range of security tools, solutions, and processes that keep enterprise information secure across devices and locations, helping to protect against cyberattacks or other disruptive events.
• Application security - Policies, procedures, tools, and best practices enacted to protect applications and their data.
• Cloud security - Policies, procedures, tools, and best practices enacted to protect all aspects of the cloud, including systems, data, applications, and infrastructure.
• Cryptography - An algorithm-based method of securing communication meant to ensure only intended recipients of a specific message can view and decipher it.
• Disaster recovery - A method to reestablish functional technological systems in the wake of an event like a natural disaster, cyberattack, or another disruptive event.
• Incident response - An organization’s plan for responding to, remediating, and managing the aftermath of a cyberattack, data breach, or another disruptive event.
• Infrastructure security - Security that encompasses an organization’s entire technological infrastructure, including both hardware and software systems.
• Vulnerability management - The process an organization takes to identify, assess, and remediate vulnerabilities in its endpoints, software, and systems.
Three pillars of information security: the CIA triad
Confidentiality, integrity, and availability make up the cornerstones of strong information protection, creating the basis for an enterprise’s security infrastructure. The CIA triad offers these three concepts as guiding principles for implementing an InfoSec plan.
Confidentiality
Privacy is a major component of InfoSec, and organizations should enact measures that allow only authorized users access to information. Data encryption, multi-factor authentication, and data loss prevention are some of the tools enterprises can employ to help ensure data confidentiality.
Integrity
Enterprises must maintain data’s integrity across its entire lifecycle. Enterprises with strong InfoSec will recognize the importance of accurate, reliable data, and permit no unauthorized user to access, alter, or otherwise interfere with it. Tools like file permissions, identity management, and user access controls help ensure data integrity.
Availability
InfoSec involves consistently maintaining physical hardware and regularly completing system upgrades to guarantee that authorized users have dependable, consistent access to data as they need it.
(www.microsoft.com/en-ww/security/business/security-101/what-is-information-security-infosec#:~:text=Information%20security%2C%20often%20abbreviated%20(InfoSec,access%2C%20disruption%2C%20or%20destruction. Adapted.)
Read the section of the text Three pillars of information security: the CIA triad to answer the question.
According to the section of the text Three pillars of information security: the CIA triad, it is correct to state that: