What is InfoSec?
Information security, aka InfoSec, refers to the processes and tools that are designed and deployed to protect sensitive business information from unauthorized modification, disruption, destruction, and inspection.¹ InfoSec encompasses physical and environmental security, access control, and cybersecurity, and often includes technologies such as cloud access security brokers (CASB), deception tools, endpoint detection and response (EDR), security testing for DevOps (DevSecOps), and more.² InfoSec comprises a wide range of security solutions, tools, and processes that keep business information secure across devices and locations by helping to protect against cyberattacks and other disruptive events such as natural disasters.
Types of InfoSec include:
Application security. Application security broadly covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in user authentication, user authorization, code, configurations, and outdated policies and procedures. Application vulnerabilities can create pathways for InfoSec breaches, which is why application security is a critical part of perimeter defense.
Cloud security. Cloud security focuses on building and hosting secure applications in cloud environments and securely utilizing third-party cloud applications. Cloud environments are shared environments, so businesses must ensure that there is sufficient isolation between the different processes.
Infrastructure security. Infrastructure security focuses on the protection of internal and extranet networks, labs, data centers, servers, desktops, and mobile devices.
Cryptography. Encrypting data, both in transit and at rest, helps to ensure the data’s confidentiality and integrity. Digital signatures are a commonly used cryptographic technology for validating data’s authenticity. One example of applied cryptography is the Advanced Encryption Standard (AES), a symmetric key algorithm used to protect classified government data.
Vulnerability management. Vulnerability management refers to the process of scanning an environment for weaknesses (such as unpatched software) and prioritizing remediation tasks based on their risk level. Many business networks see frequent additions of users, applications, and more, so it is critical that the network is constantly scanned for potential vulnerabilities.
Incident response. Incident response is the function that monitors and investigates malicious behavior. To prepare for potential breaches, businesses should have incident response plans in place that address the procedures for responding to a cyberattack, data breach, or other disruptive event. The plan should include procedures for containing threats, restoring the network, and preserving evidence for forensic analysis and legal considerations.
Disaster recovery. Disaster recovery is a method devised to reestablish functional technological systems in the wake of a natural disaster, cyberattack, or other disruptive event.
¹ Cisco, 2022, “What Is Information Security?”
² Microsoft, 2022, “Information Security (InfoSec) defined”