What is information security, Information security (often referred to as Info-Sec) is a set of strategies for managing the necessary processes, tools, and policies aimed at preventing and detecting threats, and confronting threats and dangers to information, both digital and non-digital. From attempts to modify, disrupt, destroy, or inspect.
Information security history
It was the beginning of information security from the Central Intelligence Agency (CIA), to make sure that confidential documents are completely safe from being altered or obtained from outside parties, or accessed by people who are not supposed to be able to access or obtain them, Especially confidential information.
What are the principles and objectives of information security?
Information security programs are built around the following basic objectives and principles:
1. Confidentiality: Not to disclose the information except to authorized parties.
2. Integrity: Preventing unauthorized modification of data.
3. Availability: Ensure that the data can be accessed by authorized parties when such data is requested.
Types and forms of information security
Application Security
Application security is a broad field of information security that covers vulnerabilities in software, web, and smartphone applications.
Many loopholes in the authentication processes of these applications can be found to be vulnerabilities or to authorize users.
Cloud security
Cloud security focuses on building and hosting secure applications in cloud environments. The word cloud means that different applications enable the user to use and work on them working in a common environment and therefore it must be ensured that there is adequate isolation and protection between the different operations in these common environments.
Encryption
Digital signatures are often used in encryption to verify the validity of data access. Encryption in general is the process of keeping information (fixed and mobile) secretly by using programs that have the ability to convert that information into another form similar to symbols so that if access is made to it by other people who are not allowed to see it, they will not be able to understand anything of the content of this information because what appears to them is a mixture of incomprehensible symbols, numbers, and letters, and therefore the file is decrypted by a mechanism, which must be known to both parties (Sender and Receiver) This is what is called symmetric encryption, and (Decryption) means decryption.
Infrastructure Security
Infrastructure security deals with the protection of internal and external networks, laboratories, data centers, servers, desktop computers, and mobile devices.
response
Incident response is the function concerned with monitoring and investigating harmful and potentially harmful behaviors.
Weakness management
Vulnerability management is the process of looking at the environment for vulnerabilities, for example in software and applications, and prioritizing remediation based on these potential risks.
Information security threats
Modern technologies with poor security
This is not related at all to the factor of time, and the obsolescence of hardware from a technical point of view, but in the ways of communication, but sometimes on the contrary, as the new technology may play a negative role in terms of security!
- The dangers of attacks that may occur through social media:
Geographically targeted attacks are the most common type in this field.
- Untrusted applications on mobile phones.
- Outdated security software, or low-efficiency software.
Updating protection programs is fundamental to the concept of security and its achievement, and it is a mandatory step to protect data, no matter how large and huge, as such a defense program has been developed against dangerous and previously known threats, and this means that any harmful virus that infects an old version of security programs will not be detected.
Here it should be noted that most security software is designed to send alerts when hacking attempts occur, but those alerts are useless if no one is available to process them.
Social engineering
Cybercriminals know that traditional technologies have limited shelf lives, so they have devised and turned to non-technical methods, such as social engineering, where their methods rely on social interaction and psychological manipulation in order to gain access to confidential data.
The danger of this type of intrusion is that it is unpredictable and very effective if the penetration is successful.
Lack of encryption or weak encryption
Not at the level of users as the individual user only, but even to the smallest details of the various services provided by companies, for example; in health care delivery sectors where patient data is dealt with, which will be very sensitive and understand the risk of losing it or errors in it.
.jpg)
