
What is InfoSec? or Information Security.
Information security, or InfoSec, is the process of protecting an organization’s data from modification or unauthorized access to ensure its confidentiality, availability and integrity. InfoSec helps to ensure your data is protected through the use of cryptography and secure network protocols.
What is the key differences between cybersecurity and infosec / information security?
Information security and cybersecurity are all too often confused. InfoSec is a crucial part of cybersecurity it refers primarily to the processes designed for the security of data. Cybersecurity is a more general term that includes InfoSec as a whole
Types of InfoSec
AppSec
Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). AppSec is an important part of perimeter defence for InfoSec.
Cloud security
Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. Businesses must make sure that there is adequate isolation between different processes in shared environments.
Cryptography
Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Cryptography and encryption have become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES).
Infrastructure security
Infrastructure security deals with the protection of internal and extranet networks, labs, data centres, servers, desktops, and mobile devices.
Incident response
Incident response is the function that monitors for and investigates potentially malicious behaviour.
In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.
Vulnerability management
Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.
In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.
Cybersecurity
Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide
Recommended
Why not check out our free cybersecurity academy?
Posts Slider
Dangerous ‘Lightning Framework’ Linux malware installs rootkits, backdoors
A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. “The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer security researcher Ryan Robinson said. This malware is……
825 total views, 10 views today
Atlassian Patches critical Confluence hardcoded credentials flaw
Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. The hardcoded password is added after installing the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) for a user account with the username disabledsystemuser — designed to help admins with the migration of data from the app to the Confluence Cloud. According to Atlassian, the app helps improve communication with the organization’s internal Q&A team and is currently installed on over 8,000 Confluence servers. “The disabledsystemuser account……
1,113 total views, 10 views today
Microsoft Teams outage also affected Microsoft 365 services
What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. “We’ve received reports of users being unable to access Microsoft Teams or leverage any features,” the company revealed on its official Microsoft 365 Status Twitter account more than 8 hours ago. Two hours later, Redmond said the issue causing the connection problems was a recent deployment that featured a broken connection to an internal storage service. However, Teams was not the only product impacted by the outage since users……
909 total views, 8 views today
Linode + Kali Linux: Added security for cloud instances
The popular open-source Linux distribution, Kali Linux, specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting Kali Linux on Linode The infrastructure-as-a-service (IaaS) platform provider, recently acquired by Akamai, offers two ways to get Kali: A bare-install version in the form of an official Kali distribution (without a GUI and tools) that can be deployed on any Linode compute instance and used via a command line interfaceA Kali Linux Marketplace app (with an XFCE user interface, a full suite of tools, and various additional options)……
1,467 total views, 1 views today
Apache Commons Configuration patches Log4Shell style bug – what you need to know
Remember Log4j? Well, Log4J is one of the Apache Software Foundation’s many software projects (more than 350 at current count), and it’s a programming library that Java coders can use to manage logfiles in their own products. Logfiles are a vital part of development, debugging, record keeping, program monitoring, and, in many industry sectors, of regulatory compliance. Unfortunately, not all text you logged – even if it was sent in by an external user, for example as a username in a login form – was treated literally. If you gave your name……
1,302 total views