Security.com

information security (infosec)

By Kinza Yasar

What is information security (infosec)?

Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information. Infosec responsibilities include establishing a set of business processes that protect information assets, regardless of how that information is formatted or whether it is in transit, being processed or at rest in storage.

Generally, an organization applies information security to guard digital information as part of an overall cybersecurity program. Infosec ensures that employees have access to the data they require, while preventing unauthorized access. It can also be associated with risk management and legal regulations.

Principles of information security

The pillars or principles of infosec are collectively known as the confidentiality-integrity-availability (CIA) triad. These are intended to serve as a guide for information security policies and processes within an organization. The overall goal of infosec is to let the good guys in, while keeping the bad guys out. The three primary tenets to support this are confidentiality, integrity and availability.

Confidentiality is the principle that information should only be available to those with the proper authorization to that data. Integrity is the principle that information is consistent, accurate and trustworthy. Availability is the principle that information is easily accessible by those with proper authorization and remains so in case of failure to minimize interruptions to users.

These three principles do not exist in isolation, but inform and affect one another. Therefore, any infosec system involves a balance of these factors. As an extreme example, information only available as a written sheet of paper stored in a vault is confidential but not easily available. Information carved into stone displayed in the lobby has a lot of integrity but is not confidential or available.

Other infosec principles

While the CIA triad forms the basis of infosec policy and decision-making, other factors, including the following, should be added to a complete infosec plan:

Types of information security

Although information security can take many different forms, the following are the most common types:

Information security threats

Threats to information security can manifest themselves in a variety of ways. The most common threat vectors are as follows:

What is the difference between information security and cybersecurity?

Since most information exchange happens in cyberspace these days, the terms information security and cybersecurity are often used interchangeably. While their paths intersect, both terms have individual meanings.

Physical security, endpoint security, data encryption and network security are all examples of information security. It is also closely related to information assurance, which safeguards data against threats, such as natural disasters and server outages. In short, information security is concerned with protecting any type of data, not just data in cyberspace.

Cybersecurity, on the other hand, is a subcategory of information security. It deals with technological threats and the practices and tools that can be used to mitigate cyber attacks, such as spyware or ransomware. Data security is another related category of cybersecurity that focuses on protecting an organization's data from accidental or malicious exposure to unauthorized parties.

Data protection laws for information security

There are currently no federal laws governing data security in the United States, but some regulations have been passed to protect specific types of data. The EU, on the other hand, adheres to GDPR, which governs the collection, use, storage, security and transmission of data pertaining to EU residents.

Data security regulations in the U.S. include the following:

Infosec jobs

Most roles working with computers involve an element of information security. Therefore, infosec jobs may vary in their titles between organizations and be cross-disciplinary or interdepartmental.

The following are the most common job titles in information security:


Infosec certifications

A number of certifications are available to IT professionals who already focus, or wish to focus, on infosec and cybersecurity more broadly, including the following:

Information security-focused certifications for a range of cloud vendors are also readily available. Several popular examples include Google Professional Cloud Security Engineer, Microsoft Information Protection Administrator and AWS Certified Security - Specialty.

Cybersecurity, a subcategory of information security, necessitates thorough planning to be successful.

14 Mar 2023
