These tools are part of your private information security system
● Information security
Why is information security not related to data and digital data?
That is not exactly right, because information security is concerned with protecting digital information on the network as well as physical (paper) information such as corporate archives. The field concerned specifically with digital data security is called cybersecurity, and this difference must be understood before we start the definition series on cybersecurity.
1: The term
The word cyber is a term often used to describe the space that includes computerized networks, communication networks, information, and remote control systems. The uses of cyber differ from one country to another according to each country's priorities: there is civilian cybersecurity and intelligence cybersecurity. Adding the word cyber to another word gives it an electronic meaning, as in cyber-security and cyber-attack. Whenever you hear the word cyber, know that it is used in the sense of "cyberspace".
2: What is cybersecurity
The most important thing in the digital world is the data. Imagine, for example, that you own a pharmaceutical company that has done a huge amount of research work and put great effort into it, and someone easily comes along and takes control of the data, whether by encrypting it or by leaking it and selling it to competing companies. Your loss in that case will be great, so you must protect the data and ensure that it does not reach unauthorized persons. Cybersecurity is therefore the set of methods and technologies designed to preserve this digital data, whether it is on our own computers or stored in servers, electronic systems, networks, etc.
3: the CIA Triangle
What does the security triangle (confidentiality, integrity, and availability of information), or CIA, mean?
Confidentiality: Confidentiality of information means ensuring that information is accessed only by persons authorized to access it. It also means laying down the foundations and standards for the access process and the permissions it requires, in a way that guarantees that only authorized persons can obtain this information and no one else can.
Integrity: Integrity is to maintain consistency and accuracy of data throughout its entire life cycle and to ensure that it is not changed or replaced during the information life cycle. The data must not be altered in transit, and steps must be taken to ensure that the data cannot be altered by unauthorized persons.
These measures include file permissions and user access controls. Tools or software may also be used to prevent erroneous changes or accidental deletion by authorized users.
Additionally, some means must be available to detect any data changes that may occur as a result of non-human events or server downtime. Encryption may be used to verify integrity.
Backups or duplicates should be available to restore the affected data to its correct state.
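The integrity measures above (detecting changes, then restoring affected data from a backup) are shown below in code. This is an added example, not part of the original article: the function names, the demo key, and the sample files are constructed for illustration, and a keyed hash (HMAC-SHA256) is the change-detection mechanism assumed here.

```python
import hashlib, hmac, shutil, tempfile
from pathlib import Path

def digest(path: Path, key: bytes) -> str:
    """HMAC-SHA256 of a file; without the key the manifest cannot be forged."""
    return hmac.new(key, path.read_bytes(), hashlib.sha256).hexdigest()

def build_manifest(root: Path, key: bytes) -> dict:
    """Record a digest for every file under root (the known-good state)."""
    return {str(p.relative_to(root)): digest(p, key)
            for p in sorted(root.rglob("*")) if p.is_file()}

def find_changes(root: Path, manifest: dict, key: bytes) -> dict:
    """Compare current files with the manifest: modified, missing, unexpected."""
    current = build_manifest(root, key)
    return {
        "modified": sorted(n for n in manifest if n in current
                           and not hmac.compare_digest(manifest[n], current[n])),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }

def restore(root: Path, backup: Path, names) -> None:
    """Copy the listed files back from the backup to their correct state."""
    for name in names:
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / name, target)

def demo() -> tuple:
    """Constructed sample: one file altered, one deleted, both restored."""
    key = b"constructed-demo-key"  # assumption: a real key is stored away from the data
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        data.mkdir()
        (data / "formula.txt").write_text("compound A: 5 mg\n")
        (data / "trial.csv").write_text("patient,result\n1,ok\n")
        manifest = build_manifest(data, key)
        shutil.copytree(data, backup)                  # backup of the known-good state
        (data / "formula.txt").write_text("compound A: 50 mg\n")  # unauthorized change
        (data / "trial.csv").unlink()                  # accidental deletion
        before = find_changes(data, manifest, key)
        restore(data, backup, before["modified"] + before["missing"])
        after = find_changes(data, manifest, key)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The manifest and the key only help if they are stored where someone who can alter the data cannot also rewrite them.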
Availability: Availability of information means that information is available whenever it is requested or needed. Availability is best assured by keeping all hardware in proper working condition, making repairs promptly when needed, and ensuring that the operating system gets the necessary updates and upgrades.
A comprehensive disaster recovery plan is desirable. Preventive measures must be in place against data loss or interruption in communication due to unforeseen events such as natural disasters and fires.
To prevent data loss from such incidents, a backup may be stored in a geographically isolated location, and possibly even in a fireproof and waterproof safe.
Hardware and software must be protected, with firewalls and IDS/IPS proxies, against downtime and inaccessible data caused by malicious actions such as denial-of-service (DoS) attacks and network intrusions.