Hello, aspiring ethical hackers. In our previous blogpost, you learnt about cybersecurity. In this blogpost, you will learn about Information security. The word Information security is often used interchangeably used with cybersecurity but they are different although not entirely. So, let’s begin with definition of Information security.
What is Information security?
Information security, also known as InfoSec is the name given to all the processes and procedures that are used to protect information (both digital and physical) from cyber threats in an organization.
Importance of Information security
Now, that you have understood what InfoSec is, let me explain to you it’s importance. As the world moves more towards digitization, humans increasingly depend on technology and internet for storing and transmitting information. This information is very important and faces both cyber and physical threats. With the difficulty of performing a hacking attack becoming simple day-by-day and threat actors and cybercriminals increasingly evolving their tactics, the role of information security has become all too important not only for organizations but also individuals.
Principles of Information security
InfoSec has there core principles. Popularly known as CIA triangle, they are Confidentiality, Integrity and Availability. Let’s learn about each of them in detail.
1.Confidentiality:
Confidentiality ensures that all the sensitive information is safe from unauthorized access.
2. Integrity:
Integrity ensures that the sensitive information is safe from destruction without proper authorization.
3. Availability:
Availability ensures that the information is available to authorized users whenever they need them.
Types of information security
Although InfoSec is a single word, it is a combination of different branches. Let’s learn about each of them in detail.
1.Network security:
Network security refers to protection of the network infrastructure both software and hardware, communication infrastructure, communication protocols etc. This includes all the devices in a network, communication between them and even between them and external assets.
2.Endpoint security:
Endpoint security deals with security of the endpoint devices in the network. These include Desktops, Laptops and other devices that act as access point to an organization’s network.
3. Web security:
This refers to protection of websites, web applications and the infrastructure coming with it.
4. Mobile security:
Mobile security is concerned with security of the mobile devices like mobiles and tablets which are increasingly being used in organizations.
5. Application security
Application security deals with protection of all the applications used in organization.
6. Cloud security:
Cloud security refers to protecting of data, applications and services hosted in private and public cloud environment.
7. IoT Security:
IOT security refers to protection of Internet Of Things (IOT) devices and networks from cyber attack and data breaches.
Information Security vs Cybersecurity
By now you should have clearly understood what InfoSec is. Let’s see what is the difference between InfoSec and cybersecurity. Cyber security is the entire practice of protecting computers, networks and data from cyber attacks. InfoSec is protection of all kinds of information from threats.
