What are the information security fundamentals? In this article, we will tackle the fundamentals of information security.
The Information Security Fundamentals
If you are reading this article, you are interested in learning about information security fundamentals.
The best way to start is to know what information security fundamentals mean.
Information security fundamentals are the basic concepts that are vital for the security of an organization.
The primary objective of information security is to protect the confidentiality, integrity, and availability of an organization's assets.
These assets can be in the form of information or physical assets. Information security focuses on protecting these assets by using various techniques and tools.
These techniques and tools can be broadly classified under four categories.
What Are The Four Categories?
The four categories are as follows:
Physical controls
These controls include various measures like locks, fences, motion detectors, etc. They protect physical assets like computers, hard-disk drives, printers, etc.
Procedural controls
These controls include policies, procedures, etc. They regulate the behavior of employees working in an organization regarding the handling of data and systems.
These controls ensure that employees do not create loopholes in the organization's information security policy that could be exploited in favor of an attacker.
Technical controls
These controls are technical mechanisms that are implemented at the hardware and software level to ensure information security.
Data encryption, firewalls, etc. are some common examples of technical controls. They are used to protect an organization's information assets from being breached by an attacker.
Management Controls
These controls include various management practices that help implement procedures, policies, etc. They help reduce the risk associated with loss or theft of data by implementing appropriate technical and procedural controls as discussed above.
For example, management practices that ensure employees' compliance with policies through awareness programs, etc. are some common examples of management controls used to protect an organization's information assets from being breached by an attacker.
Categories of Information Security
The categories of information security are the basic concepts that are vital for protecting an organization's information assets.
Confidentiality, integrity, and availability are some common examples of information security categories.
So what are these categories? Let us look at each one.
Confidentiality
What is confidentiality? It means that an uninformed person should not be able to gain access to any specific information, including under conditions in which that person is allowed to have access to all information at the same time.
For example, it is the responsibility of the organization's security manager to ensure that no unauthorized person can gain access to an organization's confidential information.
Integrity
What is integrity? It means that information should not be altered or modified without proper authorization. For example, integrity can be achieved by various means, such as hashing.
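The hashing approach mentioned above, as an added example that is not part of the original article: it records a SHA-256 baseline of a few records and later reports which were modified, removed or added. It goes one step beyond the text by sealing the baseline with an HMAC, so that someone who alters a record cannot also swap in a matching hash unnoticed. All names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json

def digest(data):
    """Hex SHA-256 of one record's content."""
    return hashlib.sha256(data).hexdigest()

def seal(hashes, key):
    """HMAC tag over the manifest (canonical JSON, so the tag is stable)."""
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_baseline(records, key):
    """Hash every record and seal the resulting manifest."""
    hashes = {name: digest(data) for name, data in records.items()}
    return {"hashes": hashes, "tag": seal(hashes, key)}

def verify(records, baseline, key):
    """Compare current records with the baseline; refuse a forged baseline."""
    expected = seal(baseline["hashes"], key)
    if not hmac.compare_digest(expected, baseline["tag"]):
        raise ValueError("baseline manifest was altered; cannot trust it")
    known = baseline["hashes"]
    return {
        "modified": sorted(n for n in known
                           if n in records and digest(records[n]) != known[n]),
        "removed": sorted(n for n in known if n not in records),
        "added": sorted(n for n in records if n not in known),
    }

# Constructed sample data: three records at baseline time.
KEY = b"constructed-demo-key"  # assumption: kept away from the records
ORIGINAL = {
    "payroll.csv": b"alice,5000\nbob,4200\n",
    "policy.txt": b"Passwords rotate yearly.\n",
    "hosts.cfg": b"10.0.0.5 db\n",
}
BASELINE = build_baseline(ORIGINAL, KEY)

# Later state: one record edited, one deleted, one new.
CURRENT = {
    "payroll.csv": b"alice,5000\nbob,9200\n",
    "policy.txt": b"Passwords rotate yearly.\n",
    "notes.txt": b"new\n",
}

if __name__ == "__main__":
    print(verify(CURRENT, BASELINE, KEY))
```

A plain hash only proves that content changed relative to a trusted copy of the hash; the keyed tag is what ties the baseline to someone authorized to produce it.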
Availability Fundamentals
What is availability? It means that information should be accessible by authorized users at any time and from anywhere.
For example, physical access to servers can be restricted by using locks, etc.
Also, logical access to servers can be restricted by using passwords, etc. For example, passwords are used for authentication purposes.
Port-based access controls are also used for controlling logical access to servers at the packet level. So availability means that information should be accessible by authorized users at any time and from anywhere.