search

The managing of what concept below is at the very heart of information security?

1 Jahrs vor
Kommentare: 0
Ansichten: 78

“Is there a difference between cybersecurity and information security?” Not only is this a great question, but it’s something we’ve heard many times before. Cybersecurity and information security are so closely linked that they’re often thought of as synonymous. But, there are some important distinctions between the two.

Show

Below, we’ll explain those distinctions, review a couple important areas of overlap, and discuss why this differentiation — and the evolution of these definitions — matters in the security sector.

What is Information Security?

Information security is another way of saying “data security.” For a more technical definition, NIST defines information security as “[the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.” Most modern business data resides electronically on servers, desktops, laptops, or in the cloud—but before all confidential information migrated online, it was sitting in a filing cabinet. And some confidential information still is. Information security is concerned with making sure data in any form is kept secure.

The key principles of information security - confidentiality, integrity, and availability (CIA)

If you are an information security specialist, your primary concern is for the confidentiality, integrity, and availability of your data (this is often referred to as the “CIA”). These crucial concepts are at the heart of successful information protection.

Confidentiality - The act of protecting data from being observed by any unauthorized persons. An example of protecting confidentiality would be the act of preventing passwords from being stolen or the theft of an employee’s computer.

Integrity - The act of maintaining and assuring the accuracy and completeness of data over its entire lifecycle(1). Essentially, this means that data cannot and should not be modified by any unauthorized persons. A breach of integrity would include something like the implementation of malware hidden in another program. See Solarwinds as an example of a breach of integrity.

Availability - The act of maintaining the ability to access and use data when needed. If there is an attack that brings down your network, whether temporary or locked out, then that is a failure of availability. See the Colonial Pipeline attack as a good example.

What is Cybersecurity?

Cybersecurity is all about protecting data that is found in electronic form (such as computers, servers, networks, mobile devices, etc.) from being compromised or attacked. Cybersecurity involves identifying what the critical data is, where it resides, its risk exposure, and the technology you have to implement in order to protect it.

Where Information Security and Cybersecurity Overlap

There is a physical security component to both cybersecurity and information security.

If an organization had a warehouse full of confidential paper documents, they clearly need some physical security in place to prevent anyone from rummaging through the information. As more data becomes digital, the process to protect it requires more advanced IT security tools. So, while you can’t put a physical padlock on a desktop computer, you can put a padlock on your server room door. In other words, if your data is stored physically or digitally, you need to be sure you have the right physical controls in place to prevent unauthorized individuals from gaining access.

A fictional example where information security and cybersecurity can overlap can be seen in the TV show “Mr. Robot.” The main character, Elliot, overcomes the weakest link in any information security strategy—people—to get access to unprotected internal networks which are not fully cyber secure. As season 1 Ep 5., progresses, Elliot talks his way past a few employees so he can gain access to a secure storage facility and destroy a target company's data tape backups by altering the temperature in a particular room. Although the example in the show may seem overly stylized, it clearly shows the importance of training employees on what to look for in a cybersecurity attacker, whether online or in a physical component, to maintain strong cybersecurity practices.

They both take the value of the data into consideration

If you’re in information security, your main concern is protecting your company's data from unauthorized access of any sort—and if you’re in cybersecurity, your main concern is protecting your company’s sensitive data from unauthorized electronic access. In both scenarios, the value of the data is of utmost importance.

Whether you’re practicing information security or cybersecurity, you need to know what data is most critical to your organization so you can focus on placing the right cyber risk management and monitoring controls on that data. In some scenarios, an information security professional will help a cybersecurity professional prioritize data protection—and then the cybersecurity professional will determine the best course of action for the data protection. 

The Evolution of Information Security and Cybersecurity

Unfortunately, with the changing security landscape over the past decade, things aren’t always this black and white. Over the last decade, we’ve seen a fusion between cybersecurity and information security, as these previously siloed positions have come together. 

The challenge is, most teams don’t have an information security professional on staff—so the responsibilities of a cybersecurity professional have expanded dramatically. Cybersecurity professionals traditionally understand the technology, firewalls, and intrusion protection systems needed, but weren’t necessarily brought up in the data evaluation business.

But today, that is changing.

As this subject becomes increasingly important for businesses, the role of cybersecurity risk management experts is evolving so they can properly protect data. Business partners and investors are increasingly aware of the importance of this topic, and companies are asked regularly about their effectiveness in securing data and managing both physical and cyber risk.

Cybersecurity ratings can help with this task.

What are Cybersecurity Ratings?

Cybersecurity ratings are a tool your organization can rely on to proactively reduce risk throughout your attack surface. Ratings use expansive data-scanning technology to provide an outside-in view of your organization’s security posture, along with your third-party ecosystem.

Instead of taking a guesswork approach to your cybersecurity controls, cybersecurity ratings give you a data-backed view of an organization’s cyber performance. By summarizing data in real-time, ratings are a trusted way to share insights about the effectiveness of your security program and support security performance decision-making.

Because ratings are easy to understand, they can be used to communicate internal and vendor risk to a non-technical audience in the C-suite and boardroom or with the vendor in question. BitSight Security Ratings are similar to a credit score and can range in value from 250 to 900, with a higher rating equaling better cybersecurity performance. Presenting risk in this format makes it easier for everyone to tell how well–or poorly–their organization is protected.  

What differentiates BitSight Security Ratings is that they don't rely on traditional program evaluation techniques like penetration testing, internal audits, questionnaires, or on-site visits. We leverage externally observable data from sources across the world, then map this data to individual organizations. BitSight is the only security ratings provider with proven outside validation of its ratings, which have been demonstrated to correlate with data breach risk as well as business financial performance. We use a dedicated committee to govern our ratings algorithm and associated policies As such, BitSight’s customers can trust our data to make meaningful business decisions based on our cybersecurity analytics.

Communicating cyber risk in financial terms

While security ratings are a useful tool for conveying organizational risk to executives and the board, senior leadership also needs to understand the context behind the ratings. This means one thing: “bottom line it for me.” How will a cyberattack impact our balance sheet? What will it cost the company if it becomes the target of ransomware, denial of service, supply chain attacks, and so on?

That’s where BitSight Financial Quantification comes into play. 

BitSight Financial Quantification complements BitSight Security Ratings by simulating your organization’s financial exposure if it were the victim of a cyberattack. In this way, you can translate the technical side of cybersecurity into terms that executives and board members understand – which can help support justification for cybersecurity funding. As you invest in the right security controls, you can also show how that exposure lessens over time.

Summary of Cybersecurity vs. Information Security

It’s easy to understand why many people discuss cybersecurity vs. information security in the same breath. And, you can see how the questions that information security and cybersecurity try to answer are, in essence, the same:

  1. How do we define what data is critical to us?
  2. How do we protect that data?
  3. How do we measure the impact of our cybersecurity controls?
  4. What areas of our security program need improvement?
  5. How can we effectively report cybersecurity performance to executives and the board?

But they are not the same. Understanding the differences and using the right tools to bridge the gap can go a long way toward ensuring a lower risk profile for your organization.

Get the Weekly Cybersecurity Newsletter

Subscribe to get security news and industry ratings updates in your inbox.

What is at the very heart of of information security?

Confidentiality, integrity and availability, also known as the CIA triad, are at the heart of information security.

What type of control is designed to provide an alternative to normal controls that for some reason Cannot be used?

A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.

Which of the following is a document that outlines specific requirements or rules that must be met?

A policy is a document that outlines specific requirements or rules that must be met.

What kind of policy outlines how organizations use personal information it collects?

Privacy programs are organizational directives used to outline how an organization will protect its customers' and clients' personal information.

managing concept heart information security Information security management

zusammenhängende Posts

The key to managing ____ is to ensure that cash comes in faster than it goes out.
The key to managing ____ is to ensure that cash comes in faster than it goes out.

Why are information systems so essential for running and managing a business today?
Why are information systems so essential for running and managing a business today?

Characters who are highly respected and serve as an ideal role model in a culture
Characters who are highly respected and serve as an ideal role model in a culture

True or false? the tempest program provides guidelines for managing a forensics lab.
True or false? the tempest program provides guidelines for managing a forensics lab.

Who is responsible for managing and coordinating a subscribers health care in an HMO?
Who is responsible for managing and coordinating a subscribers health care in an HMO?

Which of the following statements is a good suggestion for managing cultural diversity?
Which of the following statements is a good suggestion for managing cultural diversity?

Which of the following Big Five trait dimension is most descriptive of an individual who is organized and disciplined in managing his or her work?
Which of the following Big Five trait dimension is most descriptive of an individual who is organized and disciplined in managing his or her work?

What is the primary tool for planning managing and tracking yourself development process?
What is the primary tool for planning managing and tracking yourself development process?

What is the activity of managing the resources which are devoted to the production and delivery of products and services?
What is the activity of managing the resources which are devoted to the production and delivery of products and services?

Summarize the problems that have led to the worldwide problem of managing antimicrobial drugs.
Summarize the problems that have led to the worldwide problem of managing antimicrobial drugs.

Werbung

NEUESTEN NACHRICHTEN

What delivers applications over the cloud using a pay-per-use revenue model?
1 Jahrs vor . durch AsceticTranslation
What processes convert data into information and information into knowledge?
1 Jahrs vor . durch CorruptSolicitation
Fuß umgeknickt keine Schwellung aber Schmerzen was tun
1 Jahrs vor . durch TraceableMeasurement
What can decrease the effectiveness of an mbo (management by objectives) system?
1 Jahrs vor . durch HomesickDumps
Wie viel kostet ein normales Ohrloch stechen?
1 Jahrs vor . durch PitchedContents
Ein Colt für alle Fälle Klingelton Android
1 Jahrs vor . durch MonumentalShaving
Gemeinschaft entwässerung wer ist für zuständig
1 Jahrs vor . durch BarbaricCorrelation
Was ist der unterschied zwischen einem boot und einem schiff
1 Jahrs vor . durch HelluvaNuisance
Wann geht es weiter mit Outpost?
1 Jahrs vor . durch TumblingVariation
Wer ist bei lets danz faisal
1 Jahrs vor . durch SkilledStoryteller

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrkoptzhitthjphi
Urheberrechte © © 2024 nguoilontuoi Inc.