Information Security
Héctor Chocobar Torrejón
Systems Engineer | University Professor | Senior Mentor | Data Science Engineer | Full-stack Developer
Information security is the application of security controls to protect information and information systems from unauthorized access.
The Information Security Triangle
Information security seeks to guarantee the security triangle. The triangle is made up of three principles: confidentiality, availability, and integrity of information. This means protecting applications from threats, in order to guarantee the success and continuity of the business.
Confidentiality attempts to ensure that only authorized users can access information. Integrity seeks to guarantee that the information is not lost or damaged. Finally, availability tries to guarantee that the information can be accessed by authorized users when and where they want.
These three concepts are important to protect a business from threats caused by vulnerabilities. Attacks by hackers generally exploit vulnerabilities, although sometimes hackers are able to use social engineering to gain access to confidential information.
Vocabulary
Information Security
Information security is the application of security controls to protect information and information systems from unauthorized access.
Confidentiality
Confidentiality is the concept of assuring that private information is not disclosed to unauthorized individuals. Only those who are authorized to view the information are allowed access to it.
Availability
Availability is the concept of ensuring information is not denied to authorized users, and that the requirements to access it are not too difficult.
Integrity
Integrity is the assurance that information is changed only in a specified and authorized manner. This means that some policies should be in place to allow users to know how to utilize their system properly.
Threat
A threat is an action that can harm information and information systems by exploiting a vulnerability. Security threats include computer viruses like ransomware or unauthorized access through an unpatched hole.
Hacker
A hacker is the common term for anyone that gains unauthorized access to a system by using a vulnerability or by obtaining access to an authorized account.
Vulnerability
A vulnerability is a weakness in the information system that can be exploited by a cyber attack. Examples of vulnerabilities are: a weakness in a firewall that lets hackers get into a computer network, weak passwords, software infected with a virus, and missing data encryption.
Attack
An attack is an unauthorized action against an organization to damage or cause harm to information systems. Cybercriminals employ many types of attacks to break into computer networks and steal intellectual property, customer information, and financial information.