November 14, 2017

IT Security

Information Assurance (IA)

IA is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. IA includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. It uses physical, technical and administrative controls to accomplish these tasks. While focused predominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical forms. These protections apply to data in transit, in both physical and electronic forms, as well as to data at rest in various types of physical and electronic storage facilities.

Information Security (INFOSEC)

InfoSec is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). The chief area of concern for the field of information security is the balanced protection of the Confidentiality, Integrity and Availability of data, also known as the CIA Triad, while maintaining a focus on efficient policy implementation without significantly hampering organizational productivity.

Cybersecurity (CYBERSEC)

CYBERSEC is the protection of computer systems from theft of and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Cybersecurity includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional or accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods.

Policy and Compliance

To manage information security culture, five steps should be taken: pre-evaluation, strategic planning, operative planning, implementation, and post-evaluation. Pre-evaluation identifies the awareness of information security among employees and analyzes current security policy. Strategic planning comes up with a better awareness program and sets clear targets. Operative planning is based on internal communication, management buy-in, and a security awareness and training program.

Hardware

Hardware security as a discipline originated out of cryptographic engineering and involves hardware design, access control, secure multi-party computation, secure key storage, ensuring code authenticity, and measures to ensure that the supply chain that built the product is secure.

Forensics

IT Security Forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.