What is information security
In connection with the development of information technologies and the computerization of the economy, one of the most important issues in the company's activities is ensuring information security.
Information is one of the most valuable and important assets of any business and must be properly protected.
What does the term "information security" mean?
Information security is the preservation and protection of information, as well as its most important elements, including systems and equipment designed to use, store and transmit this information. In other words, it is a set of technologies, standards and management practices that are necessary to protect information.
The goal of information security is to protect information and the supporting infrastructure from accidental or intentional tampering that could result in data loss or unauthorized modification. Information security helps ensure business continuity.
For the successful implementation of information security systems in an enterprise, it is necessary to adhere to three main principles:
Confidentiality. This means putting in place controls to ensure that enterprise data, assets and information are sufficiently secure at various stages of business operations to prevent unwanted or unauthorized disclosure. Confidentiality must be maintained while storing information, as well as in transit through ordinary organizations, regardless of its format.
Integrity. Integrity covers the controls that ensure corporate information is internally and externally consistent. Integrity also ensures that information is not corrupted.
Availability. Availability ensures reliable and efficient access to information by authorized persons. The network environment must behave in a predictable manner so that information and data can be accessed when needed. System failure recovery is an important factor when it comes to information availability, and such recovery must also be provided in a way that does not adversely affect operation.
Information security control
You need to understand that only a systematic and integrated approach to protection can ensure information security. The information security system must take into account all current and probable threats and vulnerabilities. This requires continuous real-time monitoring. Control should be carried out 24/7 and cover the entire life cycle of information, from the moment it enters the organization until its destruction or loss of relevance.
Selecting and implementing appropriate security controls will help an organization reduce risk to acceptable levels. There are the following types of control:
Administrative. The administrative type of control consists of approved procedures, standards and principles. It forms the framework for doing business and managing people. Laws and regulations created by state bodies are also one of the types of administrative control. Other examples of administrative controls include corporate security policies, passwords, recruitment, and disciplinary actions.
Logical. Logical controls (also called technical controls) are based on the protection of access to information systems, software, passwords, firewalls, monitoring information and access control to information systems.
Physical. This is the control of the workplace environment and computing facilities (heating and air conditioning, smoke and fire alarms, fire protection systems, cameras, barricades, fences, locks, doors, etc.).
Information security threats
Information security threats can be divided into the following:
Natural (cataclysms beyond human control: fires, hurricanes, floods, lightning strikes, etc.).
Artificial, which are also divided into:
- unintentional (committed by people through negligence or ignorance);
- deliberate (hacker attacks, illegal actions of competitors, revenge of employees, etc.).
Internal (threat sources that are inside the system).
External (sources of threats outside the system).
Since threats can affect the information system in different ways, they are divided into passive (those that do not change the structure and content of information) and active (those that change the structure and content of the system, for example, the use of special programs).
The most dangerous are deliberate threats, which keep gaining new varieties, a trend associated, first of all, with the computerization of the economy and the spread of electronic transactions. Attackers do not stand still, but are looking for new ways to get confidential data and inflict losses on the company.
To protect the company from the loss of funds and intellectual property, it is necessary to pay more attention to information security. This is possible thanks to information protection tools in the form of advanced technologies.
Information security protections
Information security protection tools are a set of technical devices and appliances of various kinds that prevent information leakage and perform the function of protecting it.
Information security tools are divided into:
Organizational. This is a combination of organizational and technical (providing computer facilities, setting up a cable system, etc.) and organizational and legal (legislative base, statute of a particular organization) means.
Software. Those programs that help control, store and protect information and access to it.
Technical (hardware). These are technical types of devices that protect information from penetration and leakage.
Mixed hardware and software. They perform the functions of both hardware and software.
Due to the rapid development of IT, more and more frequent cyber attacks, computer viruses and other emerging threats, information security software is the most common and in demand today.
Types of information security tools:
Antivirus programs are programs that fight computer viruses and restore infected files.
Cloud Antivirus (CloudAV) is one of the cloud-based information security solutions that uses lightweight agent software on a protected computer, offloading most of the information analysis to the provider's infrastructure. CloudAV is also a solution for efficient virus scanning on devices that lack the processing power to perform the scans themselves. Some examples of cloud antivirus are Panda Cloud Antivirus, CrowdStrike, Cb Defense and Immunet.
DLP (Data Leak Prevention) solutions are protection against information leakage. Data Leak Prevention (DLP) is a set of technologies aimed at preventing the loss of sensitive information that occurs in businesses around the world. The successful implementation of this technology requires considerable training and meticulous maintenance. Businesses wishing to integrate and implement DLP must be prepared for a significant effort that, if executed correctly, can greatly reduce the risk to the organization.
Cryptographic systems - the transformation of information in such a way that its decryption becomes possible only with the help of certain codes or ciphers (DES - Data Encryption Standard, AES - Advanced Encryption Standard). Cryptography provides information security with other useful applications, including advanced authentication methods, message digests, digital signatures, and encrypted network communications. Older, less secure applications like Telnet and File Transfer Protocol (FTP) are slowly being replaced by more secure applications such as Secure Shell (SSH), which use encrypted network communications. Wireless communications can be encrypted using protocols such as WPA/WPA2 or the older (and less secure) WEP. Wired communications (such as ITU-T G.hn) are secured using AES for encryption and X.1035 for authentication and key exchange. Software applications such as GnuPG or PGP can be used to encrypt information files and e-mail.
Firewalls - network access control devices designed to block and filter network traffic. Firewalls are usually classified as network-based or host-based. Network-based firewalls are located on LAN, WAN, and intranet gateway computers. These are either software running on general-purpose hardware, or dedicated firewall hardware devices. Firewalls offer other functions for the internal network they protect, such as being a DHCP or VPN server for that network. One of the best solutions for both small and large businesses are Check Point firewalls.
VPN (Virtual Private Network). A virtual private network (VPN) makes it possible to define and use a private network within a public network to send and receive information. Thus, applications running over VPN are reliably protected. A VPN allows you to connect to your internal network from a distance. Using a VPN, you can create a common network for enterprises that are geographically distant from each other. Individual network users also benefit from a VPN: they can protect their own activities with it, as well as avoid territorial restrictions and use proxy servers to hide their location.
A proxy server is a specific computer or computer program that acts as a link between two devices, such as a computer and another server. The proxy server can be installed on the same computer as the firewall server, or on a different server. The advantage of a proxy server is that its cache can serve all users. Internet sites that are most frequently requested are most often cached by the proxy, which is undoubtedly convenient for the user. Logging your interactions with a proxy server is a useful troubleshooting feature.
Information security monitoring and management systems, SIEM. To identify and respond to emerging information security threats, a SIEM solution is used that collects and analyzes events from various sources, such as firewalls, antiviruses, IPS, operating systems, etc. Thanks to the SIEM system, companies have the opportunity to centrally store event logs and correlate them, identifying deviations, potential threats, IT infrastructure failures, cyber attacks, etc.
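The correlation step described above, as an added example that is not part of the original page: constructed events from a firewall, an antivirus and an operating-system log are normalized into one store, and a hypothetical rule flags any host where warnings from at least two different sources fall within ten minutes. The event fields, host names, addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), one tuple per source record:
# (timestamp, source, host, severity, message)
RAW_EVENTS = [
    ("2024-05-01T10:00:05", "firewall", "ws-17", "warning", "blocked outbound connection to 203.0.113.9"),
    ("2024-05-01T10:02:40", "antivirus", "ws-17", "warning", "quarantined file invoice.exe"),
    ("2024-05-01T10:03:10", "os", "ws-17", "info", "user login ok"),
    ("2024-05-01T10:04:00", "firewall", "ws-22", "warning", "blocked outbound connection to 203.0.113.9"),
    ("2024-05-01T11:30:00", "antivirus", "ws-22", "warning", "quarantined file setup.exe"),
    ("2024-05-01T12:00:00", "os", "srv-01", "warning", "5 failed logins for admin"),
]

WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_SOURCES = 2                  # assumed threshold: distinct sources that must agree

def normalize(raw):
    """Turn heterogeneous records into one common schema, sorted by time."""
    events = [
        {"time": datetime.fromisoformat(ts), "source": src, "host": host,
         "severity": sev, "message": msg}
        for ts, src, host, sev, msg in raw
    ]
    return sorted(events, key=lambda e: e["time"])

def correlate(events, window=WINDOW, min_sources=MIN_SOURCES):
    """Return one alert per host where warnings from >= min_sources
    different sources fall inside a single time window."""
    by_host = defaultdict(list)
    for e in events:
        if e["severity"] == "warning":
            by_host[e["host"]].append(e)

    alerts = []
    for host, warns in by_host.items():
        for i, first in enumerate(warns):
            in_window = [e for e in warns[i:] if e["time"] - first["time"] <= window]
            sources = sorted({e["source"] for e in in_window})
            if len(sources) >= min_sources:
                alerts.append({"host": host, "start": first["time"], "sources": sources})
                break  # one alert per host is enough for this example
    return alerts

if __name__ == "__main__":
    for alert in correlate(normalize(RAW_EVENTS)):
        print(alert)
```

Only ws-17 is flagged with the ten-minute window: ws-22 has warnings from two sources, but they are too far apart, which shows how the window size decides what counts as related activity.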
Special attention should be paid to managing mobile devices in the enterprise, as many employees often use personal smartphones, tablets and laptops for corporate purposes. Implementation of special solutions such as VMware AirWatch, IBM MaaS360, BlackBerry Enterprise Mobility Suite, VMware Workspace ONE will help you better control employee mobile devices and protect company data.