▪ Information security (infosec) refers to policies, processes, and tools designed and deployed to protect sensitive business information and data assets from unauthorised access. There are three core aspects of information security: confidentiality, integrity, and availability.
▪ The ISO 27001 Information Security Policy is a mandatory document used to define the leadership and commitment of an organization's top management to the Information Security Management System.
▪ Confidentiality — Only authenticated and authorized individuals can access data and information assets.
▪ Integrity — Data should be intact, accurate and complete, and IT systems must be kept operational.
▪ Availability — Users should be able to access information or systems when needed.
Application Security:
▪ Application security includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications.
Infrastructure security:
▪ Infrastructure security is the security provided to protect infrastructure, especially critical infrastructure, such as airports, highways, rail transport, hospitals, bridges, transport hubs, network communications, media, the electricity grid, dams, power plants, seaports, oil refineries, and water systems.
Cloud security:
▪ Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.
▪ Access control is a fundamental component of data security that dictates who's allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data.
▪ Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. There are two types of access control: physical and logical.
▪ An incident response plan is a set of written instructions that outline your organization's response to data breaches, data leaks, cyber attacks and security incidents.
▪ Incident response planning contains specific directions for specific attack scenarios, avoiding further damage, reducing recovery time and mitigating cybersecurity risk.