Introduction to Information Security
Information Security revolves around the C-I-A triad, or Confidentiality, Integrity, and Availability. Compromising a single principle of the triad breaks security and results in an event at the very least. After an investigation, the event may become a security incident. First off, we need to understand what each principle means.
- Confidentiality - Allowing only authorized people access to data or system configurations.
- Integrity - Allowing only authorized people the ability to modify data or configurations.
- Availability - Ensuring systems are 100% available to authorized people.
The keyword in the definitions is "authorized," meaning that a person or group is granted access to the data, software, and/or hardware. Most people tend to think of security incidents in terms of people, say hackers, insider threats, script kiddies, and even nation-state actors. However, availability could be compromised by a power outage and confidentiality by a failure in the door access control system. Not every event is caused by humans, just as not every event can be controlled or managed by technology. A well-designed information security structure will include administrative, physical, and technical controls. The following are the definitions of those controls:
- Administrative controls are the company's policies regarding passwords, who is allowed access to what, what employees are allowed to do with business information systems, and the possible punishment for breaking a policy. Most importantly, this also includes user training, so that users not only understand what the policies mean but can also identify security events, report them, and prevent events from spreading or even occurring in the first place.
- Physical controls are doors with locks to prevent people from walking into areas they are not authorized to be in, cameras, bollards, gates, guards, and fencing. These are implemented by following the policies under the administrative controls.
- Technical controls also use the administrative control policies to create logical barriers like firewalls to restrict or allow Internet traffic, time-of-day login restrictions, use of encryption, authentication and authorization models, and access control lists.
As you are probably starting to see, a lot falls under the realm of information security. Even large corporations struggle to implement security controls, and it is more difficult for SMBs (small and medium businesses) to implement solutions within their budgets. Fortunately, Gray Space Defense is here to help by offering Vulnerability Assessments and Vulnerability Mitigation, Windows Hardening or secure configuration, Firewall Configuration and Management, Two-factor Authentication using Smartcards, User Education and Training, Policy and Guideline Development, Secure Network Design, and Information Security Consulting.
Who Needs Information Security?
The short answer to this question is everyone and every electronic device. Gray Space Defense is here to help the commercial, industrial, and residential sectors not only protect and secure their data, but also reduce the chance of their systems being used in attacks against others. In order to keep the Internet open and safe, we all must do our part to protect it.
There are plenty of bad people in the world looking to make easy profit. The ways to make money from the Internet are almost limitless, as new ways are continually being developed. People will try to obtain your banking and health information, private pictures, confidential business data, new product development, and even your devices' hardware to make money. Aside from protecting our private data, we also must stop hackers from taking over our devices, which may later be used to attack others. Our devices can even be used to raise money for countries that have economic sanctions held against them.
There is a CyberWar going on and we all have a role. Knowledge is not only power, but also provides security and peace of mind. While the entire Cyber Security industry focuses on the big, profitable corporations, Gray Space Defense is focusing on everyone else. Gray Space Defense will reduce your risks of attacks, exploits, and hacks with prices you will be happy with. If you are curious how Gray Space Defense can help you, please go to the Contact Us page, fill out the form, and send it so we can get back to you as soon as we can.