SOME CORE AREAS OF INFORMATION SECURITY
Information security has been a major issue in recent times. It is very important that information is used and disclosed in a way that does not cause any harm to the persons concerned. There are different areas of information security. These include:
Access: This is the ability to use, manipulate, modify, or affect another subject or object. Information access is only granted to those considered authorized users. Any user who accesses information without authorization is considered a hacker, and such an act is a violation of the information security laws.
Asset: In this area, an asset is what is being protected, whether a logical asset such as a website, information or data, or a physical asset such as a computer system, equipment or humans. The aim of information security is to protect every information asset.
Attack: This is any act that has the ability to cause harm or damage or even compromise the confidentiality, integrity or availability of information. An attack could be intentional or unintentional, passive or active, direct or indirect.
Control, safeguard, or countermeasure: These are security mechanisms, policies, or procedures that are used or can be used to prevent hazards, reduce risks and improve the security of a system.
Exploit: This is any technique that is used to compromise a system, or a planned process that is used or can be used to take advantage of the vulnerability or exposure of a system or information.
Exposure: In information security, an exposure can only exist when there is a vulnerability that is known to an attacker.
Loss: This happens when an information asset has been attacked, exploited or exposed without authorization.
Protection profile or security posture: This is the total and complete set of controls and safeguards that an organization implements or fails to implement in order to protect the asset.
Risk: This is the probability that a hazard will occur that will affect the information.
Vulnerability: This is a weakness or flaw in an information system or information protection mechanism that exposes the information to a risk.