What is Information Security?

Types of Information Security

When considering information security, there are many subtypes that you should know. These subtypes cover specific types of information, tools used to protect information and domains where information needs protection.

Infrastructure security

Infrastructure security strategies protect infrastructure components, including networks, servers, client devices, mobile devices, and data centers. The growing connectivity between these, and other infrastructure components, puts information at risk without proper precautions.

Cloud security

Cloud security provides similar protections to application and infrastructure security but is focused on cloud or cloud-connected components and information. Cloud security adds extra protections and tools to focus on the vulnerabilities that come from Internet-facing services and shared environments, such as public clouds. It also tends to include a focus on centralizing security management and tooling. This centralization enables security teams to maintain visibility of information and information threats across distributed resources.

Cryptography

Cryptography uses a practice called encryption to secure information by obscuring the contents. When information is encrypted, it is only accessible to users who have the correct encryption key. If users do not have this key, the information is unintelligible. Security teams can use encryption to protect information confidentiality and integrity throughout its life, including in storage and during transfer. However, once a user decrypts the data, it is vulnerable to theft, exposure, or modification.

Incident response

Incident response is a set of procedures and tools that you can use to identify, investigate, and respond to threats or damaging events. It eliminates or reduces damage caused to systems due to attacks, natural disasters, system failures, or human error. This damage includes any harm caused to information, such as loss or theft.

Vulnerability Management

Vulnerability management is a practice meant to reduce inherent risks in an application or system. The idea behind this practice is to discover and patch vulnerabilities before issues are exposed or exploited. The fewer vulnerabilities a component or system has, the more secure your information and resources are.

Disaster recovery

Disaster recovery strategies protect your organization from loss or damage due to unforeseen events. For example, ransomware, natural disasters, or single points of failure. Disaster recovery strategies typically account for how you can recover information, how you can restore systems, and how you can resume operations. These strategies are often part of a business continuity management (BCM) plan, designed to enable organizations to maintain operations with minimal downtime.

Information Security Technologies

Firewalls

Firewalls are a layer of protection that you can apply to networks or applications. These tools enable you to filter traffic and report traffic data to monitoring and detection systems. Firewalls often use established lists of approved or unapproved traffic and policies determining the rate or volume of traffic allowed.

Security incident and event management (SIEM)

SIEM solutions enable you to ingest and correlate information from across your systems. This aggregation of data enables teams to detect threats more effectively, more effectively manage alerts, and provide better context for investigations. SIEM solutions are also useful for logging events that occur in a system or reporting on events and performance. You can then use this information to prove compliance or to optimize configurations.

Data loss prevention (DLP)

SIEM solutions DLP strategies incorporate tools and practices that protect data from loss or modification. This includes categorizing data, backing up data, and monitoring how data is shared across and outside an organization. For example, you can use SIEM solutions DLP solutions to scan outgoing emails to determine if sensitive information is being inappropriately shared.

Intrusion detection system (IDS)

IDS solutions are tools for monitoring incoming traffic and detecting threats. These tools evaluate traffic and alert on any instances that appear suspicious or malicious.

Intrusion prevention system (IPS)

IPS security solutions are similar to IDS solutions and the two are often used together. These solutions respond to traffic that is identified as suspicious or malicious, blocking requests or ending user sessions. You can use IPS solutions to manage your network traffic according to defined security policies.

User behavioral analytics (UBA)

UBA solutions gather information on user activities and correlate those behaviors into a baseline. Solutions then use this baseline as a comparison against new behaviors to identify inconsistencies. The solution then flags these inconsistencies as potential threats. For example, you can use UBA solutions to monitor user activities and identify if a user begins exporting large amounts of data, indicating an insider threat.

Blockchain cybersecurity

Blockchain cybersecurity is a technology that relies on immutable transactional events. In blockchain technologies, distributed networks of users verify the authenticity of transactions and ensure that integrity is maintained. While these technologies are not yet widely used, some companies are beginning to incorporate blockchain into more solutions.

Endpoint detection and response (EDR)

EDR cybersecurity solutions enable you to monitor endpoint activity, identify suspicious activity, and automatically respond to threats. These solutions are intended to improve the visibility of endpoint devices and can be used to prevent threats from entering your networks or information from leaving. EDR solutions rely on continuous endpoint data collection, detection engines, and event logging.

Cloud security posture management (CSPM)

CSPM is a set of practices and technologies you can use to evaluate your cloud resources’ security. These technologies enable you to scan configurations, compare protections to benchmarks, and ensure that security policies are applied uniformly. Often, CSPM solutions provide recommendations or guidelines for remediation that you can use to improve your security posture.

Common Information Security

Social engineering attacks

Social engineering involves using psychology to trick users into providing information or access to attackers. Phishing is one common type of social engineering, usually done through email. In phishing attacks, attackers pretend to be trustworthy or legitimate sources requesting information or warning users about a need to take action.

Advanced persistent threats (APT)

An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Insider threats

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

Cryptojacking

Cryptojacking, also called crypto mining, is when attackers abuse your system resources to mine cryptocurrency. Attackers typically accomplish this by tricking users into downloading malware or when users open files with malicious scripts included. Some attacks are also performed locally when users visit sites that include mining scripts.

Distributed denial of service (DDoS)

DDoS attacks occur when attackers overload servers or resources with requests. Attackers can perform these attacks manually or through botnets, networks of compromised devices used to distribute request sources. The purpose of a DDoS attack is to prevent users from accessing services or to distract security teams while other attacks occur.

Ransomware

Ransomware attacks use malware to encrypt your data and hold it for ransom. Typically, attackers demand information, that some action be taken, or payment from an organization in exchange for decrypting data. Depending on the type of ransomware used, you may not be able to recover data that is encrypted. In these cases, you can only restore data by replacing infected systems with clean backups.

Man-in-the-middle (MitM) attack

MitM attacks occur when communications are sent over insecure channels. During these attacks, attackers intercept requests and responses to read the contents, manipulate the data, or redirect users.