Information Security vs. Cybersecurity vs. Ethical Hacking
Understand the Core Concepts of Information Assurance & InfoSec
What is Information Assurance?
Information assurance (IA) is the parent tier of security and further divides into sub-branches. IA uses availability, integrity, confidentiality, authentication, and non-repudiation to defend and protect information systems. IA is concerned with the accuracy, durability, and recoverability of data, as well as its security.
Five Pillars of Information Assurance
The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of confidentiality, integrity, availability, authenticity, and non-repudiation of user data.
The Concept of Information Security
“We recognize that information security must be baked into everything that we do.” – Phil Crompton
The majority of today’s corporate information is held digitally on servers, the internet, or computers. InfoSec is the process of protecting information regardless of its type. Information security is concerned with the confidentiality, integrity, and availability of data, known as the CIA triad.
Confidentiality: Data or information is not made available or disclosed to unauthorized persons.
Integrity: The accuracy and completeness of an item.
Availability: Ensures that the systems responsible for delivering, storing, and processing data are available and accessible as needed by individuals who are authorized to use the resources.
Authenticity: This security measure is designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific information. Authentication prevents impersonation and requires users to confirm their identities before being allowed access to systems and resources. This includes user names, passwords, emails, biometrics, and others.
Non-Repudiation: This attribute assures the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither party can deny sending, receiving, or accessing the data. Security principles should be used to prove identities and to validate the communication process.
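The integrity, authenticity, and non-repudiation pillars are easy to conflate, so the following Python sketch shows which of them an unkeyed hash and a shared-key HMAC actually provide. It is an added example, not part of the original article; the key, the messages, and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key and messages are illustrative only.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORIGINAL = b"transfer 100 to account 12345"
TAMPERED = b"transfer 900 to account 99999"


def digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(digest(message), claimed)


def verify_tag(key: bytes, message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(tag(key, message), claimed)


def pillar_report() -> dict:
    """Report which pillar each mechanism does and does not provide."""
    # Whoever alters the message can also recompute an unkeyed digest,
    # so a digest sent alongside the data does not stop tampering.
    swapped_digest_accepted = verify_digest(TAMPERED, digest(TAMPERED))
    # Without the key, the best a tamperer can do is reuse the old tag.
    reused_tag_accepted = verify_tag(SHARED_KEY, TAMPERED, tag(SHARED_KEY, ORIGINAL))
    # The recipient holds the same key, so a valid tag cannot prove
    # which of the two parties produced the message.
    recipient_made = tag(SHARED_KEY, TAMPERED)
    recipient_tag_accepted = verify_tag(SHARED_KEY, TAMPERED, recipient_made)
    return {
        "digest_alone_gives_integrity_against_tampering": not swapped_digest_accepted,
        "hmac_gives_integrity_and_authenticity": not reused_tag_accepted,
        "hmac_gives_non_repudiation": not recipient_tag_accepted,
    }


if __name__ == "__main__":
    for claim, holds in pillar_report().items():
        print(f"{claim}: {holds}")
```

Non-repudiation requires an asymmetric digital signature, where only the sender holds the private signing key and anyone can verify with the public key.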
What is Cybersecurity?
“Cybersecurity is a shared responsibility, and it boils down to this: In cybersecurity, the more systems we secure, the more secure we all are.” – Jeh Johnson
Cybersecurity is a branch of information security. Cybersecurity protects information systems such as hardware, software, and information. It is about determining which information is sensitive, where it is stored, how vulnerable it is, and what technologies you will need to secure it.
What is Ethical Hacking?
“Hacking involves a different way of looking at problems that no one’s thought of.” – Walter O’Brien
Ethical hacking is a sub-branch of cybersecurity that aims to assess the integrity of systems and networks and to assess risks. It involves detecting and seeking to bypass any loopholes to check whether a security breach or other unethical activity is achievable. Organizations hire ethical hackers to find flaws in their infrastructure.
Ethical hackers use their expertise and several strategies to evaluate and circumvent organizations’ IT security, then report their results and advise on how to improve the organizations’ overall security.
Understand the Concept of Information Protection
Information protection is another component of information security that deals with protection against misuse of the system, unauthorized access, and data disclosure. It is accomplished through the use of encoding, security solutions, and policies and procedures.
What’s the difference between Information Security, Cybersecurity, and Ethical Hacking?
Information Security, Cybersecurity, and Ethical Hacking are three distinct fields within the broader realm of computer security. They overlap in some areas but have specific focuses and objectives.
Information Security (InfoSec): This is the broadest of the three fields. Information Security refers to the processes and methodologies designed to protect any kind of sensitive data (not just digital) from unauthorized access, use, disclosure, disruption, modification, or destruction. It aims to ensure confidentiality, integrity, and availability of data. InfoSec is not limited to online systems and can include physical security and policies that govern data protection.
Cybersecurity: While sometimes used interchangeably with Information Security, Cybersecurity is more specifically focused on the protection of electronic data and the defense of systems and networks against digital attacks. It encompasses a wide range of practices, technologies, and processes designed to protect computers, networks, programs, and data from attack, damage, or unauthorized access. Cybersecurity is a subset of Information Security that deals strictly with the protection of data in cyberspace.
Ethical Hacking: This is a specialized area within Cybersecurity. Ethical hackers, also known as white-hat hackers, are security professionals who apply their hacking skills for defensive purposes. They are authorized to break into systems, find vulnerabilities, and help to fix these vulnerabilities before malicious hackers (black-hat hackers) can exploit them. Ethical hacking is about improving the security posture of an organization by using the same tools and techniques that malicious hackers might use, but in a lawful and legitimate manner.
In summary:
Information Security is the overarching discipline that focuses on protecting all forms of sensitive data.
Cybersecurity is a subset of InfoSec, concentrated on defending digital data from cyber attacks.
Ethical Hacking is a proactive approach within Cybersecurity, where experts simulate cyber attacks to identify and fix security weaknesses.