What is Information Security
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorised access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that applies regardless of the form the data may take (e.g. electronic, physical). A core requirement of information security for the safe use, flow and storage of information is the CIA triad. CIA stands for confidentiality, integrity and availability; these are the three primary objectives of information security.
For decades, enterprises have spent a large portion of their budgets on security measures protecting users, data and other artefacts. The approach is essentially two-fold, internal and external: internally, it wraps around the services that fall inside the perimeter, such as information, data, applications, architecture, governance and process; externally, it addresses how to protect those same services from attacks, Trojans and malware.
The debate over internal versus external factors continues, and neither can take precedence over the other. The real questions are who gets impacted the most and where the pitfalls most often lie. Recent attacks and surveys show that it is the internal security breaches through which the bigger scandals happen. It is not that the system, software or malware is too sophisticated to bypass or break into; more often than not it is an individual sitting inside the protected walls who makes it happen and spreads it to everyone else.
Security awareness and behaviour are crucial components here: irrespective of boundaries and protection tools, if an insider spreads something or falls into a malicious trap, a breach is bound to happen. Malware authors and attackers have become so sophisticated that they use social intelligence and mask the information so convincingly that anyone can fall into the trap. Viruses, spyware, unsafe websites, phishing, spoofing and botnets are often camouflaged and difficult to detect. They can be patient and may sit waiting to strike, just like a chameleon. They may already be lurking in your system, waiting to snatch your data and information like an unsuspecting meal.
What is Security Posture
A sound security posture rests on ongoing employee education, risk assessments, and executive management and board-level support. Many organisations treat information security education as a need rather than as a business requirement. Employees are one of the most significant risks to the information security posture of any organisation.
Security Posture. … The security status of an enterprise’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defence of the enterprise and to react as the situation changes.
Key Security Trends
Over the last five years the industry has taken on many new dimensions in every domain. This is especially true of security, which is a horizontal concern that cuts across all areas and must be made relevant to each, with clear decisions about where it is placed and how it is addressed.
The table below depicts a few of these trends, with a description of each and an indication of where and which security controls need to be placed.
The 16 most significant data breaches of the 21st century
Below is a compiled list of the most significant data breaches of the 21st century; there have been many more that went unnoticed or were never disclosed. The amount of loss and information theft is so tremendous that the predicted cost runs to millions or billions of dollars. What is not, and mostly cannot be, accounted for is the effort, pain and agony that victims go through, depending on what kind of information was put at stake by the breach.
What is common, and what causes it?
There is a lot in common. Based on the latest research by Verizon and other independent companies, the top eight reasons emerged, and most of them are user related, i.e. the insider threat, rather than anything that defeated a tool, hardware or software. Put simply, one user became a target and spread the information, which let the whole scandal unfold slowly and gradually.
It is not the user's intention to be part of it, nor to execute it through their behaviour. The user is targeted on the basis of timing, profile, social relevance and expression, which are watched and monitored by this software and these people according to how big or small a breach is being targeted.
- Weak and Stolen Credentials, a.k.a. Passwords
- Back Doors, Application Vulnerabilities
- Malware
- Social engineering
- Too Many Permissions
- Insider Threats
- Physical Attacks
- Improper Configuration, User Error
Verizon Report: Top 9 Causes of Data Breaches
Combatting the Common Causes of Data Breaches
Education, behaviour and responsibility are the essential elements on top of the barriers the organisation has defined through the tools, governance, hardware and processes in place for protection. The attacks and malware are not new; they have been around for ages. Only the patterns used to penetrate, the ways of getting into the system, and the targeting of the innocent and least educated have changed.
References:
- https://www.csoonline.com/article/2130877/data-breach/the-16-biggest-data-breaches-of-the-21st-century.html
- Wikipedia for security definitions
- The Top 17 Security Predictions for 2017
Managed security services
Our organisation categorises security into multiple services covering every aspect of the data centre, from applications and business to data management solutions. Below is a snapshot of how security needs to be managed and controlled across all areas to ensure everything is protected.
On top of the services, governance, policy and framework have always been the stepping stone for defining strategy and putting all the pieces together according to the industry vertical and other key requirements defined by the business. Below is how we categorise and offer those services to our customers.