komal borkar
Types Of Infosec
Information security
Information Security is not only about securing information
from unauthorized access. It is the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording,
or destruction of information. Information can be physical or electronic.
It can be anything: your personal details, your profile on social media,
the data on your mobile phone, your biometrics, etc. Information Security
therefore spans many research areas, such as Cryptography, Mobile Computing,
Cyber Forensics, Online Social Media, etc.
During the First World War, a Multi-tier Classification
System was developed keeping in mind the sensitivity of the information. With
the beginning of the Second World War, formal alignment of the Classification
System was done. Alan Turing was the one who successfully decrypted the Enigma
Machine, which was used by the Germans to encrypt warfare data.
Effective information security requires a comprehensive
approach that considers all aspects of the information environment, including
technology, policies and procedures, and people. It also requires ongoing
monitoring, assessment, and adaptation to address emerging threats and
vulnerabilities.
Information Security (InfoSec) focuses on protecting data
from threats and unauthorized access. Here are five important types:
- Network Security: Protects computer networks from attacks and unauthorized access using tools like firewalls, Intrusion Detection Systems (IDS), and Virtual Private Networks (VPN). For example, a firewall can block malicious traffic trying to enter a company’s network.
- Application Security: Secures software applications by finding and fixing vulnerabilities, using methods like code reviews and security patches. An example is a web application firewall (WAF) that prevents attacks on websites by filtering and monitoring HTTP traffic.
- Data Security: Ensures data safety during storage and transfer by using encryption and data masking. For instance, encrypted emails are unreadable to anyone without the decryption key, protecting sensitive information.
- Endpoint Security: Secures individual devices such as computers, smartphones, and tablets through antivirus software and Endpoint Detection and Response (EDR) tools. An example is an antivirus program that scans and removes malware from a personal laptop.
- Cloud Security: Protects data and applications hosted in cloud environments with measures like secure cloud configurations and Identity and Access Management (IAM). For instance, using multi-factor authentication (MFA) helps ensure that only authorized users can access cloud-based services.

- Confidentiality: Keeping sensitive information confidential and protected from unauthorized access.
- Integrity: Maintaining the accuracy and consistency of data, even in the presence of malicious attacks.
- Availability: Ensuring that authorized users have access to the information they need, when they need it.
- Compliance: Meeting regulatory and legal requirements, such as those related to data privacy and protection.
- Risk management: Identifying and mitigating potential security threats to prevent harm to the organization.
- Disaster recovery: Developing and implementing a plan to quickly recover from data loss or system failures.
- Authentication: Verifying the identity of users accessing information systems.
- Encryption: Protecting sensitive information from unauthorized access by encoding it into a secure format.
- Network security: Protecting computer networks from unauthorized access, theft, and other types of attacks.

By:
Komal Borkar (E-42 & A-14)
Student of B.Tech Computer Science & Engineering
Subject: Information Security
Under Guidance of Mr. Nursing Kadam.


