Information Security can be described as the practice of protecting the Confidentiality, Integrity, and Availability of computer systems, and of the data stored within them, from malicious users. The combination of Confidentiality, Integrity, and Availability is also referred to as the CIA triad of Information Security. Let us briefly discuss each component of the CIA triad to understand its effect on the protection of data stored on a system:
Confidentiality: Confidentiality can be defined as the act of ensuring that the data stored on the systems is accessed only by authorized personnel.
Integrity: Integrity can be defined as the act of ensuring that the data stored on the systems stays in its original state and can only be edited by authorized personnel.
Availability: Availability can be defined as an act of ensuring that the data stored on the systems is available when required by authorized personnel.
Now that you have a high-level understanding of how the data on information systems can be protected, let’s look in a bit more detail at the areas an organization should pay attention to in order to remain secure. Listed below are the domains of information security defined by the International Information System Security Certification Consortium, (ISC)², which have to be considered in an era when the security of data is a prime concern:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Businesses across the world have recently started to take seriously the importance of protecting the safety and privacy of sensitive data and of the personal information of their employees and customers. But where do you think they are lagging behind compared to a handful of mature organizations?
- Is it the money / budget?
- Is it insufficient resources?
- Is it the support from management? Or
- Is it just a shortage of technical expertise?
Well, everything mentioned above contributes to some extent, but do you know what the most critical aspect we are missing here is?
It’s the MINDSET, folks!
Information Security becomes a concern when it is treated as an afterthought rather than considered from the very beginning. Why wait until sensitive data is exposed to unauthorized individuals, leading the organization to regulatory penalties, legal disputes, or significant lawsuits or arbitration? In some cases, an organization may also receive extensively adverse attention in international media, resulting in significant reputational damage. Furthermore, exposure of information in the system may have potentially severe consequences for company operations, leading to financial damage to the organization. So it is necessary to think about security before you have to think about the ramifications of a compromise.
You may be wondering now:
- Are all the organizations that incorporate security into every product they build, from the very beginning, secure, and will they never be affected by a breach?
- Will the employees in an organization with a security-positive culture be an exception when it comes to compromise?
The answer is a big NO. But that is where Due Care and Due Diligence kick in. It’s always better to put in the effort that can help reduce the magnitude of the impact an incident can have on you and your organization. In terms of information security, you never mitigate the risk completely; you just try to bring it to a level that is tolerable.
How about we stop here for now and give you an opportunity to reflect? There are many areas that need attention when securing the infrastructure of an organization, and we will try to go through them as we proceed with other posts on this blog. Till then, think about: Making this world a bit better. A bit more secure. Because remember,
SEC_RITY is incomplete without U!
Keywords: Information Security, Security, Infosec, CIA Triad