Information security for beginners became important in today’s technical environment. Especially with the number and cost of cyberattacks.
What Is Information Security For Beginners?
The process of maintaining confidentiality called information security. Also, ensuring integrity and assuring the availability of the information.
Information security does a constant evolving process. Besides, employees can play a key role in this process.
Common Threats To Informations Security
These threats include but not limited to.
Human
Many different motivations waiting for human related threats. These motivations may include but not limited to. Financial gain and revenge. As well as political agendas.
Examples of human threats include:
- Disgruntled employees
- customers
- criminals
- terrorist
- Hackers
Technical
Examples of technical threats include:
- Configuration errors
- Out-of-date equipment or software
- Malicious codes, such as virus
Environmental
Examples of environmental threats include:
- Flounce or stalk
- Power blackout
- Fire
- Severe weather
- Pandemic
Control Implemented By Organizations
An organization implements controls. Also an attempt to cut the possibility of a negative impact. Especially from the threat. In addition, controls categorized as:
Physical Controls
Items related to the physical environment. Such as, doors, locks, fire extinction, and etc.
Technical Controls
Items such as anti-virus software, firewall, and etc.
Administrative Controls
Items such as formal and informal policies and procedures. Also include codes of conduct, in set we used policies and non disclosure-agreements.
Controls others further categorized as preventative or detective. In this case a preventative control attempts to minimize the likelihood of an action. Such as, a lock on a door. While a detective control attempts to identify if there’s an unauthorized activity. Such an alarm or siren.
What Does This Mean For You?
Employees play a key role in information security. Importantly, they should know the importance of information security. Also, the reason for controls. Therefore, the company’s overall information security strengthens.
Importance of Information Security For Beginners
In today’s environment information security is a must. Because of an unauthorized disclosure or disruption. As a result we became devastated and affecting the company’s reputation. Also, in many cases, there are regulatory requirements as well.
General Do and Don’ts
- Do. Understands the importance of information security. Because of the action of the employees can improve security. On the other hand, it can also weaken security.
- Do not attempt to bypass your company’s security systems. Including, policies, procedure, software and others. If there’s an issue with the process, bring it up to your supervisor.
Key Controls Employees Should Follow
Physical Security
- Access
- Clean Desk (put things away)
- Lock pending disposal
- Shred
- Lock computer / device
Password / Authentication
- Do not share with others
- Do not disclose or store unsecured
- Change passwords periodically
- Use secure / strong passwords
- Use least privilege
- Enable or used multifactor systems when possible
Single Sign-on
- Use if available
- Reduces risk of going to wrong site
Rogue Wi-fi
- Unknown wi-fi
- Risk of man-in-the-middle
Keystroke Logging
- Captures user input
- Often use to capture credentials
- Hardware or software
- Do not use unknown systems
Remote Access
- Approved systems
- Keystroke logging / monitoring
Social Engineering
- Attacking the human
- Often the weakest area of security
In summary, information security can be complex. But, employees maintaining a few key principles can greatly improve general security. Firstly, as an employee, do not try to bypass security controls. Secondly, physically secure confidential material. Thirdly, practice safe internet and email use. Fourthly, be aware of social engineering. Such as phishing. Finally, report suspicious activity.