06 Mar Information Security: Overview, Types, and Applications Explained
Should we talk about Information Security? What’s it about? What do we need it for?
How is information security different from two related concepts, digital security and cybersecurity?
We are in the middle of a global pandemic, and due to physical distancing, the digitization of companies has accelerated. Many of the activities we carry out depend on the internet and digital platforms. This scenario has increased the risks we face when we browse and store information. During the pandemic, more hacks against important companies and even governments have been recorded. SolarWinds, for example, was hacked. A group of Russian hackers entered the SolarWinds systems and extracted several access credentials, with which they could enter the CIA and Microsoft systems. In the latter, the structure of its most recent product was unveiled.
This applies not only to large companies but also to the general public. 2020 has been the year with the most cases of cybercrime. Cybercrimes have increased by 600%, and there was an “untouchable sector” that hackers did not care about at all before, but now they do: toddlers and youngsters. Children and adolescents have become part of this statistic since they are making use of distance education.
Through digitization, we are saving our personal information in our emails, and we are using the cloud to save, for example, information about our bank accounts. That is why all this information is at risk, and why we have to give it greater importance.
Let’s talk about Information Security
Information security refers to all the actions and concepts that are implemented to control and maintain the privacy of the information and data of a person, organization, or government entity.
How does Information Security differ from other concepts?
Information security includes both digital security and cybersecurity. It covers all the procedures, tools, concepts, standards, techniques, applications, and measures that have to do with protecting our information, even if it is not in a digital format. Governments, militaries, and so on have protected information throughout history because information means power. Digital security, on the other hand, includes all the habits and procedures that we as civilians and organizations have to protect ourselves and have better relationships with digital technology. Digital security appears when there is hate speech or cyberbullying. Cybersecurity, however, is a part of information security that focuses only on the digital part and uses protocols to protect companies from possible attacks and potential threats. Cybersecurity is primarily treated by companies, organizations, and states.
If you work in the civil society sector or in politics, what are the basics of information security? First of all, you have to understand that information security is a discipline closely related to computer science and to how we relate to technology and how we use it.
There are 5 things you should know:
What is an information asset? How does an information asset differ from an information system? According to ISO 27001, which is the cybersecurity standard, an information asset is all knowledge, every block of data, whether raw or systematized, owned by the organization or a particular citizen; it is described as an asset because of the value the organization or the person gives it. We are not only talking about a database but also about photographs, documents, and videos: all the information we want to protect can be conceived of as information assets. This differs from an information system, which can be software or a platform that allows us to process and manage this information. Nevertheless, the two are interrelated.
There are different levels of security depending on the type of information we handle. Handling ultra-sensitive data, such as health data or identification data, is not the same as handling data that does not have that level of sensitivity. By differentiating between them, we can devise strategies. Ultra-sensitive data must be shared through an encryption system; it cannot be shared by text message, WhatsApp, or email.
What are the most frequent threats that we should take into consideration when we design a security strategy?
Falsification of information without authorization (for example, some data, a title, or a code); information leakage; surveillance and monitoring when we are persons of interest; unintentional loss of information; and finally unauthorized access to information, for example when a person leaves a company and still has access to information.
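The last threat above, a former employee who still has access, can be checked for routinely. As an added example (not part of the original article), this Python script compares a list of departures against an account export; the field names, users, and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption): HR departure dates and an account export.
TODAY = date(2021, 3, 6)
DEPARTURES = {
    "alice": date(2021, 1, 15),
    "bob": date(2021, 2, 1),
    "dora": date(2021, 2, 20),
    "erin": date(2021, 3, 1),
    "frank": date(2021, 4, 1),   # leaves in the future, still employed today
}
ACCOUNTS = [
    {"user": "Alice ", "enabled": True,  "last_login": date(2021, 2, 10)},
    {"user": "bob",    "enabled": False, "last_login": date(2021, 1, 30)},
    {"user": "carol",  "enabled": True,  "last_login": date(2021, 3, 1)},
    {"user": "dora",   "enabled": True,  "last_login": None},
    {"user": "erin",   "enabled": False, "last_login": date(2021, 3, 3)},
    {"user": "frank",  "enabled": True,  "last_login": date(2021, 3, 5)},
]

def audit_leavers(departures, accounts, today):
    """Return findings for people who have left but still hold or used access."""
    findings = []
    for acct in accounts:
        # Normalize names so "Alice " in one system matches "alice" in the other.
        user = acct["user"].strip().lower()
        left = departures.get(user)
        if left is None or left > today:
            continue  # not a leaver (yet)
        reasons = []
        if acct["enabled"]:
            reasons.append("account still enabled")
        last = acct["last_login"]
        if last is not None and last > left:
            # Access was used after the person left, even if disabled since.
            reasons.append("login after departure")
        if reasons:
            findings.append({"user": user, "left": left, "reasons": reasons})
    return sorted(findings, key=lambda f: f["left"])

if __name__ == "__main__":
    for f in audit_leavers(DEPARTURES, ACCOUNTS, TODAY):
        print(f["user"], f["left"].isoformat(), "; ".join(f["reasons"]))
```

An account that is already disabled is still reported if it was used after the departure date, because that login is worth reviewing.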
The principles of information security that everyone should know are:
Integrity of information (Means information is not falsified or altered)
Confidentiality (Means information has the levels of privacy that it’s supposed to have)
Availability (Means information can be available to authorized employees at all times), and finally
Authentication (This is a new principle in information security, because there are many cases of phishing; it means verifying that the person who was given access is actually the one who is entering, and not a malicious hacker). It should be noted that 99% of hacks happen due to human errors…
Among those errors are configuration errors, little care with passwords, and cases of social engineering. Therefore, the security of information does not depend so much on supercomputers or hackers, but on being aware.