
Image by Dave Edmonds
Information Security
Information security is a multi-discipline, continuous effort to protect organizational information and services. It covers the following disciplines:
- Security Information and Event Management (SIEM)
- Identity and Access Management (IAM)
- Fraud Detection and Prevention
- Governance, Risk, and Compliance (GRC)
The three main elements that need to be protected are Confidentiality, Integrity and Availability, a.k.a. the CIA triad.
Confidentiality stands for keeping private information private – be it company intellectual property, a trade secret or the photos on your private laptop.
Integrity stands for keeping information accurate and not allowing anyone (external or internal) to modify it without authorization.
Availability stands for keeping information (and services) available, e.g. mitigating the risks of deletion or denial-of-service attacks.
To achieve these goals, different approaches and tools are used:
- Firewalls
- Intrusion Prevention Systems (IPS) / Intrusion Detection Systems (IDS)
- Network Monitoring
- User Authentication and Authorization
- User security awareness training
- The principle of least privilege
- Cryptography
- Vulnerability/patch management
- Monitoring, etc.
We help our clients with audit, design, implementation and support of organizational Information Security Policy, security practices, training, etc.
Tags: availability, confidentiality, information security, integrity, security