Information Security Services, Threat Assessment, Vulnerability Assessment and Penetration Testing

Basic Information Security Concepts

With the explosion of information and easy connectivity across global computers, information security plays a very crucial role for individuals and companies alike.

Information security is needed to:

  • protect valuable data
  • maintain data integrity
  • comply with laws
  • prevent breakdowns in production
Let’s first define what is meant by information security. The most accepted definition of information security is that it is the confidentiality, integrity, and availability of information.
Indeed, all the principles, standards, and mechanisms focus on these three abstract but fundamental goals of information security. The gamut of information security services offered today is based on addressing the above concerns.

Let us talk about each term briefly.

Confidentiality
Classified information that should not be accessed by anyone except authorized personnel is called ‘confidential’.
When information is read or copied by someone not authorized to do so, the result is known as loss of confidentiality. Some examples of data that needs to be kept confidential are bank data, credit card data, research data and defence data. Any breach that leads to inappropriate access of this kind of data results in loss for the organization / individual.

Integrity
When unscrupulous elements manipulate data due to low or no security, information gets corrupted. When information is so modified in unexpected ways, the result is known as loss of integrity. There are many mechanisms where integrity of data can be protected. They may be classified broadly as: preventive (such as information access controls like passwords, etc.) and detection mechanisms that keep a watch on unauthorized modifications. A few examples of threats to data integrity are malware and insecure networks. Data integrity is especially vital for critical safety and various kinds of financial data.

Availability of Information
Availability aims to ensure that information is readily accessible to authorized users. Availability of information is often the most important attribute in service-oriented businesses like ERP, inventory and ticketing systems.  Hacker attacks against availability are known as denial of service (DoS) attacks. Of course, non availability of information can occur due to natural calamities or human errors. For those businesses / services that rely on information, ready availability of network connection is also highly important. Without this availability, nothing can be done. To make information available to those who need it and who can be trusted with it, organizations use authentication and authorization.

You may also like to read: