21 May 2022

What is InfoSec

what is infosec

What is InfoSec? or Information Security.

 

Information security, or InfoSec, is the process of protecting an organization’s data from modification or unauthorized access to ensure its confidentiality, availability and integrity. InfoSec helps to ensure your data is protected through the use of cryptography and secure network protocols.

What is the key differences between cybersecurity and infosec / information security?

Information security and cybersecurity are all too often confused. InfoSec is a crucial part of cybersecurity it refers primarily to the processes designed for the security of data. Cybersecurity is a more general term that includes InfoSec as a whole

Types of InfoSec

AppSec

Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). AppSec is an important part of perimeter defence for InfoSec.


Cloud security

Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. Businesses must make sure that there is adequate isolation between different processes in shared environments.


Cryptography

Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Cryptography and encryption have become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES).


Infrastructure security

Infrastructure security deals with the protection of internal and extranet networks, labs, data centres, servers, desktops, and mobile devices.


Incident response

Incident response is the function that monitors for and investigates potentially malicious behaviour.

In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.


Vulnerability management

Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.

In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.

Cybersecurity

Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide

Recommended

CyberSecurity Knowledge Base

Why not check out our free cybersecurity academy?

Posts Slider

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency added the recently disclosed remote code execution bug, tracked as CVE-2022-30525, affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts recommend also private organizations review the Catalog and address……

 12,034 total views,  248 views today

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. “Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants,” Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a new report. “Since its discovery, the spyware has continuously beleaguered Google Play.” Facestealer, first documented by Doctor Web in July 2021, refers to a group of fraudulent apps that invade the official app marketplace for Android with the goal……

 9,776 total views,  227 views today

Killnet hackers announce Russian cyber attacks on UK for standing up to Putin’s war

HACKER Group Killnet have announced global cyber attacks against a number of countries – including the UK – for standing up to Vladimir Putin’s war in Ukraine. The other countries being targeted by the Russia-linked group are the US, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland and Ukraine. The hacktivists claimed to have disrupted the infrastructure of Italy’s State Police anti-cyber crime arm after it thwarted hacking attempts on the Eurovision Song Contest. Hackers from the Killnet group announced in the early hours of Monday morning that claims made by……

 10,765 total views,  212 views today

Brazilian e-commerce firm Americanas reports multimillion-dollar loss following cyberattack

The company’s transactional platforms were unavailable for a week following the incident in February. Brazilian e-commerce conglomerate Americanas.com reported a multimillion-dollar loss in sales in its financial results on Friday after a major cyberattack earlier this year. The company lost 923 million Brazilian reais ($183 million) in sales after two attacks that took place between February 19 and 20 and rendered its e-commerce operation unavailable. According to the company, physical stores continued to operate and the logistics arm of the company continued to deliver orders placed after the event. “In……

 9,679 total views,  137 views today

Avast, AVG Release Security Updates for Decade-Old Vulnerability

SentinelOne disclosed two high-severity vulnerabilities – tracked as CVE-2022-26522 and CVE-2022-26523 – that went undiscovered for years and affect the “Anti Rootkit” driver in security products from Avast and AVG.  The two anti-virus companies joined forces in 2016 when Avast bought AVG for about $1.3 billion. NortonLifeLock announced in 2021 that it reached an agreement to merge with the Czech antivirus maker in a stock-based deal that could be worth between $8.1 billion to $8.6 billion. On December 20, SentinelOne notified Avast of the two vulnerabilities that could lead to privilege escalation “by running code in the kernel……

 18,956 total views,  37 views today

Share the word, let's increase Cybersecurity Awareness as we know it