Information Security

Information security, often shortened to InfoSec, is a set of strategies, methodologies, and practices for managing the tools, policies, and processes that prevent, detect, and document unauthorized access, use, modification, inspection, and disruption of confidential, sensitive, and private information, whether digital, physical, or in any other form.

Confidentiality, integrity, and availability together form the core principles and fundamental concepts of information security. Confidentiality is a set of rules that limits and restricts access to particular types of information, keeping it from unauthorized entities and processes. Integrity is the assurance that information remains accurate and complete over its entire life-cycle.

Practices that support data integrity include network management procedures such as monitoring authorization levels for all users; recording system administration actions, parameters, and maintenance activities; and creating disaster recovery plans for events such as power outages, server failures, and virus attacks. Availability means that data is accessible whenever it is needed.
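The integrity practice of recording system administration actions only helps if the record itself cannot be quietly altered. The following is an added example (not code from the original article) of a tamper-evident audit log: each record carries the SHA-256 hash of the previous record, so an edit or deletion inside the chain is detected on re-verification. The actors, actions, and targets are constructed sample data; the function names are this example's own.

```python
"""Tamper-evident audit log for administrative actions (added example).

Each record stores the SHA-256 hash of the previous record, forming a hash
chain. Re-verifying the chain exposes any in-place edit or deletion.
"""
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64  # constructed anchor value for the first record


def _canonical(record: dict) -> bytes:
    # Deterministic serialisation: fixed key order and no whitespace, so the
    # same record content always produces the same hash.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_record(log: List[dict], actor: str, action: str, target: str) -> dict:
    """Append an administrative action, linking it to the previous record."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "actor": actor, "action": action,
            "target": target, "prev_hash": prev_hash}
    record = dict(body, hash=hashlib.sha256(_canonical(body)).hexdigest())
    log.append(record)
    return record


def verify_chain(log: List[dict]) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first bad record."""
    expected_prev = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "hash"}
        # A removed record shifts sequence numbers; a forged link breaks prev_hash.
        if body.get("seq") != i or body.get("prev_hash") != expected_prev:
            return i
        # Any change to the record body changes its hash.
        if hashlib.sha256(_canonical(body)).hexdigest() != record.get("hash"):
            return i
        expected_prev = record["hash"]
    return None


def demo() -> tuple:
    """Build a constructed log, alter one record, and report what verification sees."""
    log: List[dict] = []
    append_record(log, "alice", "grant_role", "bob:admin")
    append_record(log, "alice", "change_param", "max_sessions=50")
    append_record(log, "carol", "backup_restore", "db-primary")
    intact = verify_chain(log)       # None: chain is consistent
    # Someone rewrites the second record to hide the real parameter change.
    log[1]["target"] = "max_sessions=5"
    tampered = verify_chain(log)     # 1: first record whose hash no longer matches
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

The chain detects edits and deletions within the log, but not a rewrite of the whole chain by someone who can recompute every hash, nor truncation of the tail. In practice the latest hash (the chain head) is periodically copied to a store the administrators being audited cannot write to, or each record is additionally authenticated with a key they do not hold.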

Defense in Depth

Defense in depth, also known as the “castle approach,” is a multi-layered set of security controls placed throughout an information technology system to protect it from initial creation to final disposal. This information assurance concept can be divided into three zones: physical, technical, and administrative.

Physical controls are the physical barriers that prevent access to the IT system, such as guards, fences, and CCTV systems. Technical controls are the hardware and software that protect the system and its resources, such as disk encryption and fingerprint readers. Administrative controls are the policies and procedures that ensure proper guidance is available for security.

Figure: Defense in Depth: Onion Model.