It is impossible to estimate the volume of information stored in data centers, personal computers, and digital storage devices around the world. One estimate suggests that only Google, Amazon, Microsoft and Facebook have more than 1.2 million terabytes. Then there is the physical data, the millions of folders, the printed books and the notebooks. With so much information in circulation, it is not surprising that there is an entire branch of security designed to protect it. Early information security practices (infosec) have evolved in parallel with the development of written communication. In fact, the Roman Emperor Julius Caesar is considered a pioneer in information security, as he invented the Caesar cipher to protect the information contained in secret messages.
Information security today is inextricably linked to cybersecurity. Although information security covers the storage and transmission of physical and digital data, and cyber security is only aimed at mitigating Internet attacks, the two terms are often used interchangeably. Computer security is another term used alongside information security, but again there are differences. For example, the generic term computer security also includes application security, the process of identifying and fixing code vulnerabilities, and network security, the methods used to defend and maintain computer networks. In the XNUMXst century, most data is stored electronically, so the term information security is generally used as a way to describe the methods used to protect digital data in storage and in transit. The greatest threats to confidential information come from far away from the Internet.
Known as the CIA triad, the three most important principles of information technology are confidentiality, integrity, and availability:
Confidentiality
Confidentiality is one of the pillars of information security and, in many ways, one of the most difficult principles to follow. The challenge is to ensure that sensitive information stays confidential when unauthorized users try to access it, and to put measures in place to identify these impostors. It is important not to confuse confidentiality and confidentiality. Although confidentiality can be classified simply as information accessible to the public or not, information considered confidential can be consulted by anyone authorized to do so. Common techniques to ensure privacy include the use of encryption and cryptography, password protection, and other authentication techniques, such as the Google Authenticator app.
Integrity
In addition to keeping data confidential, companies must ensure that data remains the same unless deliberately changed by an authorized person. Maintaining the integrity of the information guarantees that it is never modified, that these modifications are produced by malicious or accidental means. Companies regularly implement some of the methods we discussed above to prevent accidental and deliberate manipulation of data. For example, a password requirement and automatic logout procedure for an employee's internal email account not only ensures that the account is not accidentally left open, but also protects it from anyone who deliberately tries to access and potentially modify information. Data integrity also refers to the legal obligations of a company. For example, data protection laws protect consumers from the transmission or misuse of their data. The companies promise to maintain the integrity of this data, ensuring that it remains in the same condition as when they were authorized to process it.
Availability
You can think of the concept of availability as the direct opposite of confidentiality. Essentially, this means that the data is easily accessible to those who are authorized to access it. It is often implemented in conjunction with the application of confidentiality measures. It is just as important to have tools that prevent access to information as it is to have tools that allow it. An example of planned availability in an information security plan might be the secure transfer of data to temporary storage devices during a system upgrade. Another might be the inclusion of a backup power source to ensure that authorized users can still access data in the event of power loss.
Digital information is particularly vulnerable to theft or manipulation, especially when it is processed using Internet-based services and systems. Unlike information stored on paper that can be physically locked away in a safe, digital information is much more difficult to contain and protect, especially when it is available online. For this reason, the conversation about threats to information security often focuses on cybersecurity issues.
Social engineering
Many people fall victim to phishing emails and websites that convince them to hand over important credentials that give hackers unauthorized access to information. These scams facilitate access to sensitive data, and companies trusted to maintain the integrity of this data are often legally liable for loss of custody.
Virus
Cyber criminals often attempt to steal confidential information by infecting computer systems with computer viruses. During a malicious attack, sensitive information can be disclosed or destroyed, or in many cases, salvageable. One of the largest ransomware attacks was the WannaCry virus in 2017, which affected some of the largest organizations and institutions in the world.
Denial of service attacks
Denial of service attacks are specifically designed to target the availability of information. By flooding a business's network with traffic, cybercriminals hope to exhaust all resources to maintain it, overwhelming the system and making it impossible to continue authorized requests. In some cases, a ransom is demanded to stop the bombing.
Physical theft
As portable devices are increasingly capable of storing large amounts of data—a high-end iPhone stores up to 512GB—the rewards for stealing these devices continue to grow. Information security measures should also cover devices, such as smartphones and laptops, used by company employees to store and transport information. The work of an information security specialist no longer stops within the confines of a corporate office. Data is in constant motion, both virtually and physically. Finally, a strong and effective information security strategy will ensure that all of the above threats are addressed and mitigated, and most importantly, maintain the confidentiality, integrity and availability of the information for which they were designed. .