In an age when most of us spend most of our time online, a great amount of business and personal information is being generated. ‘Information Security’ is defined as securing that business or personal information by using varied programs, software and concepts. ‘Information is power’ goes the popular adage, and securing that information is one of the most pressing issues facing InfoSec professionals today.
In the current business scenario, “security” should never be an afterthought and should always be incorporated into the corporate strategy according to the size of the organization. For most of us, unknowingly, security is already a part of our lives. “Protecting Tweets” on Twitter, choosing privacy settings on different social media platforms, installing anti-virus programs, working with firewalls, backing up software and installing CCTV cameras are all examples of security elements in our lives.
Let us first see the three popular maxims of Information Security followed by the broad elements of Information Security programs.
‘Three tenets of Information Security’
The three tenets of Information Security are Confidentiality, Integrity and Availability. Together they are popularly known as the CIA triad.
‘Confidentiality’ ensures that the information that is transmitted is delivered only to the intended recipient. It ensures the secrecy of the transmission through encryption, access control, etc.
‘Integrity’ is making sure that the information is not manipulated in transit. As an example, in online transactions, it is imperative that credit card information that is sent is not modified or sniffed.
‘Availability’ is making sure that the information is available all the time. Any disruptions to availability of information must be quickly looked into so that productivity of the organization does not go down.
Each organization, big or small, tries to uphold one or more of these security objectives in its own way.
Elements of an information security program:
It is a common misconception that implementing “security” measures and adopting different security precautions or assessments are only for bigger organizations. “Security” might not have been an integral part of the corporate structure 20 years ago but it is a necessity in today’s online world. Security strategies are used to protect product information, customer information, financial information and employee information. These are the broad elements of an information security program:
- Plan and organize
- Implement
- Operate and Maintain
- Monitor and Evaluate
“Planning and organizing” broadly involves getting upper management support for the security programs that need to be implemented in an organization. It also involves creating a threat profile and performing a risk assessment.
Some of the ways a security program is “Implemented” are assigning roles to different people, creating policies, procedures and guidelines, and creating SLAs.
The security program is “maintained” by performing audits and making sure that they align with the initially stated security goals of the company.
The security program is a constant life cycle and needs to be continuously monitored and revamped to keep up with the changing times.
Not all of these steps may be necessary for all organizations but a security consultant can always be called to understand the situation and create a security plan. This in turn will create a safer virtual world.