This document discusses various technologies used for information security, including cloud access security brokers, adaptive access control, virtual private networks, endpoint detection and response solutions, intrusion detection and analysis systems, interactive application security testing, antivirus software, firewalls, audit data reduction, network mapping, password cracking, public key infrastructure, and vulnerability scanning systems. It defines information security as protecting information and systems from unauthorized access, use, disclosure, destruction, modification, or disruption. The conclusion states that information security is an ongoing process involving training, assessment, protection, monitoring, detection, incident response, documentation, and review.
2. Information security, sometimes shortened to InfoSec, is
the practice of defending information from unauthorized
access, use, disclosure, disruption, modification, perusal,
inspection, recording or destruction.
Process by which digital information assets are protected.
Julius Caesar is credited with the invention of the Caesar
cipher c. 50 B.C., which was created in order to prevent his
secret messages from being read should a message fall into
the wrong hands.
5. Technologies
Cloud Access Security Brokers
Cloud access security brokers are on-premises or cloud-based security
policy enforcement points placed between cloud services consumers
and cloud services providers to interject enterprise security policies as
the cloud-based resources are accessed.
In many cases, initial adoption of cloud-based services has occurred
outside the control of IT, and cloud access security brokers offer
enterprises a way to gain visibility and control as their users access cloud
resources.
6. Adaptive Access Control
Adaptive access control is a form of context-aware access control that acts
to balance the level of trust against risk at the moment of access using
some combination of trust elevation and other dynamic risk mitigation
techniques.
Context awareness means that access decisions reflect current conditions,
and dynamic risk mitigation means that access can be safely allowed
where otherwise it would have been blocked.
Use of an adaptive access management architecture enables an
enterprise to allow access from any device, anywhere, and allows for
social ID access to a range of corporate assets with mixed risk profiles.
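The trade-off described above can be sketched as a small policy decision function. This is an added example, not part of the original slides; the risk weights, thresholds, field names and decision labels are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical weights and budgets, chosen only to illustrate the idea.
RISK_WEIGHTS = {"unmanaged_device": 30, "unfamiliar_network": 25,
                "social_id": 20, "impossible_travel": 40}
RISK_BUDGET = {"low": 60, "medium": 40, "high": 20}  # tolerated risk per asset tier
MFA_TRUST_CREDIT = 30      # trust elevation: a completed MFA offsets this much risk
READ_ONLY_MARGIN = 20      # extra risk tolerated if the session is restricted

@dataclass
class AccessContext:
    managed_device: bool
    familiar_network: bool
    identity_source: str   # "corporate" or "social"
    impossible_travel: bool
    mfa_completed: bool

def risk_score(ctx: AccessContext) -> int:
    """Sum the weights of the risk signals present at the moment of access."""
    signals = {
        "unmanaged_device": not ctx.managed_device,
        "unfamiliar_network": not ctx.familiar_network,
        "social_id": ctx.identity_source == "social",
        "impossible_travel": ctx.impossible_travel,
    }
    return sum(RISK_WEIGHTS[name] for name, present in signals.items() if present)

def decide(ctx: AccessContext, sensitivity: str) -> str:
    """Return allow, step_up_mfa, allow_read_only or deny for one request."""
    budget = RISK_BUDGET[sensitivity]
    risk = risk_score(ctx)
    effective = risk - (MFA_TRUST_CREDIT if ctx.mfa_completed else 0)
    if effective <= budget:
        return "allow"
    # Trust elevation: ask for MFA when that alone would bring risk within budget.
    if not ctx.mfa_completed and risk - MFA_TRUST_CREDIT <= budget:
        return "step_up_mfa"
    # Dynamic risk mitigation: grant a restricted session instead of blocking.
    if effective <= budget + READ_ONLY_MARGIN:
        return "allow_read_only"
    return "deny"

if __name__ == "__main__":
    social_byod = AccessContext(False, True, "social", False, False)
    for tier in ("low", "medium", "high"):
        print(tier, decide(social_byod, tier))
```

The same social-ID login from an unmanaged device gets a different answer for each asset tier, which is how one architecture can serve assets with mixed risk profiles.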
7. Virtual private networks
A Virtual Private Network (VPN) is a private communications network that
makes use of public networks, oftentimes for communication between
different organizations.
A VPN is not inherently secure, though in its most common incarnation it does
utilize encryption to ensure the confidentiality of data transmitted.
There are three types of VPNs available today: dedicated, SSL and
opportunistic.
appear to currently be the most prominent deployment
The basic goal of a Virtual Private Network is to ensure the integrity of the
connection and communications.
When encryption is added, the goal of preserving confidentiality
may also be achieved.
8. Endpoint Detection and Response Solutions
The endpoint detection and response (EDR) market is an emerging
market created to satisfy the need for continuous protection from
advanced threats at endpoints (desktops, servers, tablets and laptops)
— most notably significantly improved security monitoring, threat
detection and incident response capabilities.
These tools record numerous endpoint and network events and store
this information in a centralized database.
Analytics tools are then used to continually search the database to
identify tasks that can improve the security state to deflect common
attacks, to provide early identification of ongoing attacks (including
insider threats), and to rapidly respond to those attacks.
These tools also help with rapid investigation into the scope of attacks,
and provide remediation capability.
9. Intrusion detection and analysis system
The concept of intrusion detection has been around since 1980. In its most
essential form, intrusion detection is designed to detect misuse or abuse of
network or system resources and report that occurrence.
This detection occurs as a result of identifying behaviour based on anomalies
or signatures.
The most common form of intrusion detection system (IDS) today relies on
signature-based detection.
Other forms are:
Intrusion Prevention System (IPS)
Event Correlation System (ECS)
Anomaly Detection System (ADS)
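The difference between signature-based and anomaly-based detection can be shown by running both over the same events. This is an added example, not part of the original slides; the signatures, the baseline and the sample events are constructed, and the addresses come from documentation ranges.

```python
import re
import statistics
from collections import Counter

# Hypothetical signatures: patterns of known misuse, as a signature-based IDS ships.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1"),
}

def signature_alerts(events):
    """Flag every event whose request matches a known-bad pattern."""
    alerts = []
    for src, request in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((src, name))
    return alerts

def anomaly_alerts(events, baseline_counts, k=3.0):
    """Flag sources whose request volume exceeds mean + k * stdev of a normal window."""
    threshold = (statistics.mean(baseline_counts)
                 + k * statistics.pstdev(baseline_counts))
    counts = Counter(src for src, _ in events)
    return sorted(src for src, n in counts.items() if n > threshold)

# Constructed sample window of (source, request) pairs.
EVENTS = (
    [("192.0.2.10", "GET /index.html")] * 4
    + [("192.0.2.20", "GET /download?file=../../etc/passwd")]
    + [("198.51.100.7", "GET /search?q=shoes")] * 40
    + [("203.0.113.5", "GET /login?user=a' OR '1'='1")]
)
# Constructed per-source request counts observed during normal operation.
BASELINE = [3, 5, 4, 6, 5, 4, 3, 5]

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(EVENTS, BASELINE))
```

The two detectors flag different sources: the high-volume source sends only benign-looking requests that no signature matches, while the two signature hits are single requests that stay well under the volume threshold.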
10. Interactive Application Security Testing
Interactive application security testing (IAST) combines static application
security testing (SAST) and dynamic application security testing (DAST)
techniques.
This aims to provide increased accuracy of application security testing
through the interaction of the SAST and DAST techniques.
IAST brings the best of SAST and DAST into a single solution.
This approach makes it possible to confirm or disprove the exploitability of
the detected vulnerability and determine its point of origin in the
application code.
11. Antivirus
Antivirus software was developed to detect the presence, and
eventually the attempted infection, of a system by malware. There are
generally two types of antivirus scanning software: signature-based and
heuristic.
Signature-based scanning relies on a database of known malware
signatures. It must be updated on a regular basis in order to ensure a
current database of known malware.
According to eBCVG, an IT Security company, a heuristic scanner "looks
at characteristics of a file, such as size or architecture, as well as
behaviors of its code to determine the likelihood of an infection."
The downside to heuristic scanners is that they often generate results
that misidentify software as being malware (a.k.a. "false positives").
14. Firewalls
A firewall is defined as a "component or set of components that restricts
access between a protected network and the Internet, or between other
sets of networks."
Firewalls are network security resources that are defined to control the
flow of data between two or more networks. From a high-level
perspective, they can serve as a choke-point.
"Firewalls are powerful tools, but they should never be used instead of
other security measures.
They should only be used in addition to such measures." The primary role
of a firewall, in the traditional sense, is to protect against unauthorized
access of resources via the network as part of a “defense in depth”
solution.
15. Few more technologies
Audit data reduction
Network mapping
Password cracking
Public key infrastructure
Vulnerability scanning systems
Software-defined Security
16. Conclusion
Information security is the ongoing process of exercising
due care and due diligence to protect information, and
information systems, from unauthorized access, use,
disclosure, destruction, modification, disruption or
distribution. The never-ending process of information
security involves ongoing training, assessment, protection,
monitoring & detection, incident response & repair,
documentation, and review. This makes information
security an indispensable part of all the business
operations across different domains.