What is Infosec?

Introduction to Infosec (Information Security)

 

  Information Security often referred to as InfoSec, it refers to the processes and methodologies which are designed and implemented to protect print electronic , or any other form of confidential , private , sensitive Information or data from unauthorized access ,use , misuse, disclosure, destruction, modification, or disruption.  

C.I.A TRIANGLE:-  3 Key characteristics of info. that must be protected by information security.

• Confidentiality:-   only authorize parties can view information.
• Integrity:-   information is correct and not allowed to altered over a entire life cycle.
• Availability:-  Data is accessible to  authorized users whenever needed.

  

 The Major Category of Information:-  the value of information comes from the category it possesses:

1. Confidentiality.
2. Integrity.
3. Availability.
4. Authorization.
5. Authentication.
6. Identification.
7. Accountability. 

What Is Security?

• " The quality of being secure- to be free from danger".
• A successful organization/ institution should have multiple layers of security in place:-
• Physical Security:- Product the Physical items, object or areas from unauthorized access and misuse.
• Personal Security:-  Protection to Personal who authorized to access organization/institution and its operation.
• Operations Security:- Protection of the Details particular operation and activities.
• Communication Security:- Protection of organizations/ institutions communication media , technology and content.
• Network Security:- Protection of Networking components , Connections and Contents.

Security System Development Life Cycle.

• The same phases is used in traditional SDLC  may be adapted to support specialized implementation of Information Security Project.

• Identification of specific threats and creating controls to counter them.
• SecSDLC is a coherent program rather than a series of random, seemingly, unconnected actions.

Investigation:- 

•  Manage Identifies Process, outcomes, budget, goals and constraints of the project.
• Begins with enterprise information security policy.
• outline projects and goals.
• Estimate cost.

Analysis:- 

• Documents from investigation phase are studied.
•  Analyzes existing security policies or programs, along with documented current threats and associated controls.
• Study integration new system.
• Includes analysis of relevant legal issues that could impact design of the security solution.
• The risk management task begins.

Logical Design:-

• Creates and develops blueprint of information Security.
• Feasibility analysis to determine whether project should continue or be outsourced.

 Physical Design:-

• Needed security technology is evaluated, alternatives generated , and final design selected.
• Develop definition of successful solution.
• At end of phase , feasibility  study determines readiness of the project implementation.

Implementation:-

• Security solutions are acquired , tested , implemented , and tested again.
• Personal issues evaluated; specific training and educated programs.
• Entire tested package is presented to management for final approval.

Maintenance:-

• Perhaps the most important phase given, the ever changing threat environment.
• often, reparation and restoration of information is a constant duel with an unseen adversary .
• Information Security profile of an organizations/institutions requires constant adaption as new threats emerge and old threats evolve.

Summary

• Information Security is a "well informed sense of assurance that the information risks and control in a balance".
• Successful organizations / institutions have multiple layers of security in a place.
• Security should be considered a balance between protection and availability.
• Information Security must be managed similar to any major system implemented in an organization using a methodology  like SecSDLC.