What is InfoSec? or Information Security.

Information security, or InfoSec, is the process of protecting an organization’s data from modification or unauthorized access to ensure its confidentiality, availability and integrity. InfoSec helps to ensure your data is protected through the use of cryptography and secure network protocols.

What is the key differences between cybersecurity and infosec / information security?

Information security and cybersecurity are all too often confused. InfoSec is a crucial part of cybersecurity it refers primarily to the processes designed for the security of data. Cybersecurity is a more general term that includes InfoSec as a whole

Types of InfoSec

AppSec

Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). AppSec is an important part of perimeter defence for InfoSec.

Cloud security

Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. Businesses must make sure that there is adequate isolation between different processes in shared environments.

Cryptography

Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Cryptography and encryption have become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES).

Infrastructure security

Infrastructure security deals with the protection of internal and extranet networks, labs, data centres, servers, desktops, and mobile devices.

Incident response

Incident response is the function that monitors for and investigates potentially malicious behaviour.

In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.

Vulnerability management

Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.

In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.

Cybersecurity

Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide

Recommended

CyberSecurity Knowledge Base

Why not check out our free cybersecurity academy?