The quality or condition of being safe to be free from the danger that protects from disasters. A successful organization has many layers of security such as physical security, personal security, operational security, communication security, network security. In simple words, security is who protects from unwanted disaster and give protection.
Information security is not about obtaining information from unauthorized access, but it is more than that. Rather, information security is the practice of preventing unauthorized access, disclosure, use, modification, interference, inspection, recording, or destruction of information. This information can be electrical or physical. Information can be anything like your details (i.e. your personal information) or we can say your profile on social media, your data in mobile phone, your biometrics, etc., all this information is related to you. Going forward, this information security spreads to many research areas such as cryptography, cyber forensics, mobile computing, online social media, etc.
WHAT IS AN INFORMATION SECURITY
It is necessary to protect information and its critical elements, including systems and hardware that use, store, and transmit that information. All these tools are important for information security such as policy, awareness, training, education, and technologies are essential.
It is also called Infosys. Infosys deals with protecting security from unauthorized access. This information is part of risk management. This includes things like preventing or reducing the possibility of unauthorized access, interference, use, interference, deletion, disclosure, corruption, modification, inspection, or recording. If a security incident occurs, information security professionals are involved in reducing the negative impact of the incident, that is, it tries to prevent it. Information can be in any form, electronic or physical, tangible or intangible.
Information security programs are designed for about 3 purposes.
Commonly known as CIA –
Confidentiality – Confidentiality means that information about unauthorized persons, entities, and the process is not disclosed. Example: If we say that I have the password for my Gmail account, but if someone saw that I was logging into the Gmail account and they came to know about my password. In that case, my Gmail password can be compromised and for this reason, privacy is breached.
Integrity – Integrity means maintaining the accuracy and completeness of data. Integrity means that data cannot be edited in an unauthorized way. Example: An employee leaves an organization. So the data in all departments like accounts for that employee should be updated in JOB LEFT as per the situation. So that the data is a complete and accurate and only authorized person is allowed to edit employee data.
Availability – Availability means information should be available when needed. Example: If one has to use the information of a particular employee to understand the number of leaves of the employee. So, in that case, it needs cooperation from various organizational teams such as network development operations, incident response, operations, and policy/change management. Denial of service attack is a factor that can hinder the availability of information.
INFORMATION SECURITY THREATS
A variety of threats can occur including identity theft, software attacks, sabotage, physical theft, and information extortion:
• Software attacks on information security include Trojan horses such as viruses, malware, worms, ransomware.
• The purpose of a phishing email or website is often to log into credentials to steal intellectual property. Social engineering is one of the biggest dangers of cyber threats. With traditional security measures, it has become more difficult to protect.
• Fears such as a denial of service attacks are often to reduce the availability of key information assets, reducing confidence or organizational productivity until the organization receives payment in return for returning the service.
• Theft of information and equipment has become commonplace now as most of the devices are now mobile like smartphones or laptops.
• Information extortion involves acquiring access to confidential information and then holding ransom until payment is made.
By Chavi Priya :