Information security in its shortened form called Info Sec is the prevention of unauthorized access, disclosure, modification, use, disruption and inspection of information. Info Sec is a general term used for security of data both in electronic or physical form. Information security may also be referring to security measures against the denial of service to authorized users.
Using the strategies of Info-sec the security processes are managed, tools and policies are applied for preventing documents and threats to digital and non-digital information are counted. Info-Sec ensure an established set of business processes for protecting information regardless of its type, format and form. In whether type, format and form the data is, Info-Sec policies are responsible for its safety.
Employing Cyber Security Groups for safety
For maintaining organizational Info Sec program, large enterprises are employing dedicated security groups. Led by chief information security officers, the group conduct risk management for assessing vulnerabilities and threats to information security and appropriate protective controls are applied. For national level of defense Cyber Security Centres are established like NCSC for cyber security UK that struggle for protection of Information Security nationwide.
Threats to Information Security
Many different forms of threats to sensitive and private information exist. Using on time incident response plan, updated defense controls can be applied and the cause can be removed.
Common Information Security threats are:
A form of fraud in which attacker try to learn login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels. The credentials are then used for changing account details and hacking purposes.
These are programs or files that are harmful to information. The program includes computer viruses, worms, Trojan horses and spyware. These programs perform a variety of functions like stealing, encrypting/decrypting & deleting sensitive data, altering core functions and monitoring information without permission.
A virus is a small piece of software that can spread amongst infected computers. The virus could corrupt, steal and delete information. Virus can also spread itself into other computers by using others programs like email program.
These are computer programs that can self-replicate without using a host program. Such programs alter information without any human interaction or directions from a malware author.
This is another malicious program designed to appear like a legitimate program. These programs execute its malicious functions once installed and activated.
This is the most well-known program in computer world for stealing and collecting information and can observe user’s browsing activities. Spyware is having a significant impact on privacy. For mobile phones if they are infected with Spyware, it will record phone calls, log browsing activity and keystrokes, and monitor the phone owner’s location.
Malware like ransomware are designed for special purpose of encrypting information on systems. Cyber-criminals then demand ransom payment from users to decrypt the system data again.
These are a collection of tools for obtaining administrator-level access to a system and network. Rootkit can be installed on systems after exploiting a security hole in a legitimate application and can record keystrokes if containing spyware.
These viruses are malicious programs that secretly create a backdoor in infected systems allowing the threat actors to remotely access it without alerting the user or the system’s security programs.
Develop countries are in implementation of new measures and Cyber Security defenses to ensure Info-Sec for enterprises. Like National Cyber Security Centre (NCSC) opening for cyber security UK which is a new part of the GCHQ intelligence service for protecting UK against cyber-attacks particularly for safety of critical national infrastructure.