12/29/2020

Information Security, Enterprise Security, and Information Technology Security. The Three Main Areas of Accountability Regarding Information Security, E-Commerce

The management of information security relies on three distinct areas of accountability. They are enterprise security, information security, and information technology security. However, due to different organizational structures, they are not always well linked or coordinated.


What Is Information Security?

Information security, or so-called InfoSec, refers to the processes designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection. However, information security is often confused with cybersecurity. Information security is a crucial part of cybersecurity, but cybersecurity is a more general term that includes information security. The basic element is to preserve confidentiality by ensuring that information can be accessed only by an authorized person. However, that's not enough. We also have to maintain integrity, that is, safeguard the accuracy and completeness of the information so that no unauthorized changes are made. The final step is to ensure that information is available for use when required. So, let's discuss each step.


ISO 27000

ISO/IEC 27000:2018 provides an overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards, such as Authenticity (ensuring that information is genuine), Possession and Control (control of data creates the risk of loss of security), Utility (data availability), and Non-Repudiation.


What Is Enterprise Security?

Enterprise security, in short, is a multi-faceted concern. It covers threats to internal or proprietary business secrets, such as hacking attacks, social engineering attacks, and phishing attacks, as well as physical aspects such as kidnapping or fraud, and even spying by unauthorized agents, such as surveillance installed on the telecom network or the local Wi-Fi channels.


For instance, Facebook, Instagram, and LinkedIn are all regulated by governments and face large fines if they lose sensitive customer data to hackers. Reliance on cloud infrastructure to hold this data and support business processes introduces new challenges to corporate IT security. Moreover, the ability to access unencrypted passwords and login information can compromise not only individual accounts and data but also an entire corporate network if an intruder gains data center access.


In addition, all enterprises start with hiring people to work for them. Their human resources department takes all the necessary employment steps to ensure data privileges are appropriately limited. Enterprise security focuses on data centers, networking, and servers, but all of these are closely connected with human resources. Social engineering attacks and phishing attacks, such as emails that encourage employees to click on links that download and install malware, both exploit weaknesses in human nature. However, even where physical access is tightly controlled, enterprises still face hacking attacks from the farthest reaches of the globe. These attacks can be separated into different levels: from cyber-war to ordinary criminals or publicity-seeking hackers, any of them may target critical business infrastructure such as power stations, telecommunications, and plants, or steal credit card information and bank account access.


What Is Information Technology Security?

Information technology security is a set of cybersecurity strategies that prevent unauthorized access to assets such as computers, networks, and data. It also keeps the integrity and confidentiality of sensitive information and blocks malicious access. Threats to IT security come in different forms such as malware, ransomware, spyware, and viruses.


Types of IT security are network security, internet security, endpoint security, application security, and the most popular recently, cloud security. 


What Are The Differences?

Although IT security and information security sound similar and are often confused, they are different types of security. Information security refers to the processes and tools designed to protect sensitive business information, whereas IT security refers to securing digital data.


One way to ascertain the similarities and differences among these terms is by asking what is being secured. For instance, information security secures information and doesn't necessarily have to involve technology, while IT security is technology-specific. And recall that enterprise security is a multi-faceted concern: what is being protected is businesses and firms. So, its purpose is to secure the specific business against all threats, not just from hackers, but also from liars or even dumps.






Reference

Computer Security vs Information Security: What's the Difference? (n.d.). Retrieved December 29, 2020, from https://business.gmu.edu/blog/tech/2014/09/22/deciphering-itcyber-lexicon/?hvid=3jDqdK


Gelbstein, E. (2013). Information Security for Non-Technical Managers. Bookboon.


ISO/IEC 27000:2018. (2018, February 07). Retrieved December 28, 2020, from https://www.iso.org/standard/73906.html


What Is IT Security? - Information Technology Security. (2020, December 16). Retrieved December 29, 2020, from https://www.cisco.com/c/en/us/products/security/what-is-it-security.html


What Is Information Security (InfoSec)? (2020, December 14). Retrieved December 29, 2020, from https://www.cisco.com/c/en/us/products/security/what-is-information-security-infosec.html
