Information security | Security Assessment and Testing
This module is an introduction to the field of information security. It discusses why securing sensitive information is so important today, defines some of the basic terminology of the industry, and describes the different types of cyber attacks.
As you take this course, you may or may not be interested in more formal Information Security Certifications. This module will introduce the key certifications in the industry, as well as how those certifications are broken down by topic.
The Need for Information Security
Securing sensitive information has never been a higher priority for nearly all organizations, including companies, government agencies, universities, and just about every organization that stores or exchanges electronic data and information.
Organizations are increasingly concerned about the loss or theft of electronic information, known as a data breach. A data breach is the unintentional release of secure electronic information through loss, theft, or unauthorized intrusion, either from within the organization or from external sources such as hackers. Typically, hackers, also known as crackers, are those who exploit security weaknesses in computer systems or networks to gain unauthorized access to information, cause mischief, or make changes to files, settings, or systems. (There are also ethical hackers, sometimes known as white hats, who expose vulnerabilities in networks so they can be corrected.)
Data breaches from unauthorized access by individuals within an organization and from unintended loss of information have also become more common. Data can be lost or stolen over a network or system, or lost via a desktop computer, laptop, mobile device, storage device, chip, disk, or anything else that can store or transmit data.
Indeed, cyber attacks and data security lapses have become so common that many organizations have changed their overall approach to data security. Rather than try to build an impenetrable wall around all the systems and data in an organization, many organizations are taking a risk-based approach to data security. This approach assumes that the network can never be 100 percent secure but instead tries to limit the losses of any potential attacks or breaches by providing the greatest level of security to the most important data.
Poor Security Is Costly
Cleaning up from such attacks can be costly. Target’s breach cost the company $252 million, according to company filings. Home Depot spent $63 million after hackers stole credit card data in 2014. Sony paid $171 million to clean up after an attack on its Sony PlayStation gaming network in 2011.
Such expenses can include the cost of beefing up network security, hiring more security professionals, and handling lawsuits that are inevitable after a large breach. Companies will also often pay for identity theft protection for customers or associates who were affected by the loss of data. But those costs often don’t include lost business and damage to the organization’s brand or reputation.
Complexity and the Explosion of Data
Among the reasons for the exponential increases in cyber attacks and compromised data is the growth in storage capability, along with the appetite for organizations to collect and store oceans of data and the decline in the cost to store information electronically. More companies, government agencies, and organizations of all types are retaining more information, whether from customer or stakeholder interactions with Internet sites, mobile apps, point of purchase systems, and other electronic exchanges of information. And new sophisticated tools to help organizations classify and analyze such information, collectively known as Big Data analytics, have only increased that appetite.
As companies and other organizations move more of their systems and processes online—and the sensitive data that goes along with them—and increasingly rely on mobile technology, the need to secure those systems will continue to grow.
Just think about how much of our own information is now available online: bank account data, credit cards, purchases, and personally identifiable information (PII), that is, any data that can be used either by itself or in combination with other information to identify, locate, or connect with a specific individual.
There are also legal requirements on companies and other organizations to take steps to protect the data of customers and others. Nearly every state has its own set of data privacy and breach notification laws. More laws are cropping up around the world, too, including rules from the European Union that impact the data collection, storage, and security practices of organizations that operate around the world.
Every worker in the organization is responsible for upholding the security of data and information related to his or her job. Employees who are not information security specialists must be trained to be aware of what business activities keep informational assets safe and when and to whom to report evidence of security breaches.
Information security specialists will be actively involved in planning and designing the defensive shield, managing access controls, installing and updating the information security system architecture’s hardware and software, identifying threats and vulnerabilities, and improving the strategy for defending against data security breaches.