What is Information Security-Reply to three post. Ask questions and go into depth.

Reply to three post. Ask questions and go into depth.

POST #1
Hello Class,

According to National Institute of Standards and Technology (2022), the term ‘information security’ means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability. Over the last 10+ years, we’ve seen how important Information Security has become. Information Security is a plan that is made to ensure vital information do not fall in the wrong hands. We’ve seen this happen with business breaches like the Yahoo breach of 2013. This was one of the biggest breaches of a computer company. The breach affect all 3 billion customers that used Yahoo services. Hackers were able to get customers: Names, Birthdates, Phone Numbers and Passwords. According to The New York Times (2017), “Yahoo sold itself to Verizon for $4.48 billion in June. But the deal was nearly derailed by the disclosure of the breaches and $350 million was cut from Verizon’s original offer. Using this example as a guideline to understand InfoSec, we can see a few components that make up InfoSec are:

Security Awareness: Ensuring you have a trained team who is constantly checking your security systems to ensure that everything is up to date and all the information that comes through your venture is properly safe guarded. Many business fail to keep their systems up to date allowing hackers to breach their systems easier.

Understanding Policies: Ensure every employee understand the policies of InfoSec. Train them on how to process and destroy information that is consider vital or PPI properly. This can be by having everyone take yearly or monthly courses that will keep them up to date on all procedures.

Incident Response: Ensuring everyone understand how to handle all InfoSec incidents to have problem handled immediately instead of over time allowing hackers to obtain more information.
Delorico Scott

POST#2
Hello class,

Information security is an area of study where many key components work together to protect the integrity, confidentiality, and availability of data and information systems. To begin with, one of the most important aspects of information security is access control. This means managing who inside an organization has access to what information (Microsoft, 2023). Organizations may guarantee that only authorized persons have access to sensitive data by putting authentication techniques like passwords, biometrics, and multi-factor authentication into place. That is assuming there is no malicious actor exploiting the system. Furthermore, encryption is essential for protecting data while it is in transit and at rest. Data can be jumbled using encryption techniques like symmetric and asymmetric encryption to make it unintelligible to unauthorized users who could intercept it. In this manner, data is safe and difficult to abuse, even in the event of a breach or theft (Cisco, 2018).

Security monitoring and incident response are essential components of information security. Consistent surveillance of networks and systems enables companies to identify possible risks at an early stage. Having a strong incident response strategy allows organizations to promptly and efficiently address security problems, minimizing any resulting harm (6Clicks, 2023).

Moreover, personnel security awareness and training initiatives are included in information security. Internal hacking risk may be greatly decreased by teaching employees about cybersecurity best practices, such as how to spot phishing efforts and the value of routine software upgrades. (Hickey, 2018)

All things considered, information security is a large topic that includes a variety of technical and non-technical procedures used to safeguard sensitive data assets from malicious attackers or illegal access. Organizations may maintain the resilience of their digital infrastructure and set up a robust defense against changing cyber threats by including these essential elements in their overall security plan.

I hope you all have a great week, and I cannot wait to read what the rest of you have to say in your posts and what thoughts you have on mine.

Brandon Olson
POST#3
Good evening class,
I think information security, which is often synonymous with cybersecurity, is the goal that is achieved by the proper implementation of a comprehensive security strategy. The National Institute of Information Technology (NIST) defines information security as, “The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability (National Institute of Standard and Technology, n.d.).” To establish a standard framework for government and private industry to risk to their information asset, NIST developed and maintains the SP 800-53 “Risk Mitigation Framework,” as a methodology to account for risks and mitigations across their respective enterprise (Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, U.S. Department of Commerce, n.d.-b). A security strategy addresses the risks and mitigations to a company’s business assets ranging from people and physical assets to trade secrets and data backups.
Based on your respective industry, information security has governmental and regulatory guidance for compliance and auditing. For example, companies that store credit card information must adhere to PCI Security Standards Council compliance standards (PCI Security Standards Council, 2024) to not be found financially liable when a data breach occurs. Regardless of the industry, successful execution of information security requires due diligence on the part of senior management strategy approval and daily due care implementation down to the lower-level employees and subcontractors.
In today’s threat landscape, where “84% of data breaches involve external actors, 74% involved a manipulated human element, and 24% involved ransomware, (2023 Verizon Business data breach investigations report),” organizations must be constantly monitoring, assessing, and improving their security posture to maintenance pace with threats to their assets.

V/r,
Cliff

Last Completed Projects

topic title academic level Writer delivered