After having dealt with a huge number of posts on Information security, I thought I will answer one of the fundamental questions about Information security in this post – “What is Information security?” 🙂
Information security or “InfoSec” is that discipline of study that broadly seeks to counter and prevent cyber attacks. It also seeks to keep data/information safe by employing different techniques and strategies.
With the cyber world taking over every facet of our life, it is but obvious that it will be susceptible to more attacks. To protect our devices/data/ and of course, ourselves as individuals/organization forms the basis of information security.
What is it really?
At the face of it, “Information security” reminds individuals or professionals of other specializations about anti-virus software or firewalls. While some part of Information security is about anti-virus definitions and different types of firewalls and configuring them, it is a much bigger field of study. Some of the key points of study relating to Information security are listed below:
- understand the ‘security lingo’ that is commonly used by InfoSec professionals(vulnerability, threat, countermeasure etc)
- observe the different data breaches around the world and understand their significance
- preventing attacks(having firewalls, VPN, anti-virus solutions etc)
- learning about the different types of attacks(phishing, ransomware, viruses etc)
- educating users about the attacks(security awareness)
- the procedures to follow when an ‘incident’ takes place(incident planning)
- the procedures to follow ‘if’ an ‘incident’ takes place(business continuity and disaster recovery)
- making sure that “you” are the person accessing a particular resource(authentication, identity management)
- making sure that the devices and data are physically safe(physical security)
These are just a few of the basic concepts related to Information security. There are more advanced topics like:
- OS fingerprinting
- Cross site scripting
- Computer forensics
- Session hijacking
- SQL injection
…. and more which will catch the imagination of a true InfoSec professional as time goes by.
The number of nefarious activities that can happen below the happy web we surf, is quite amazing and isn’t it nice that we have good InfoSec professionals guarding us?
This post just scraped the edge of the InfoSec world… join me as I uncover more concepts of Information security!