Security is an important matter in every domain. It stands for the act of “protecting” assets that have a significant value. This “protection” cannot be reduced to one simple definition, for it includes several aspects depending on the nature of the asset we want to protect and its specifications.

Nevertheless, this subject has lately been of greater importance than ever. The reasons might be numerous, but the fact that it has turned into a trend has pushed a lot of people to try to learn the secrets of security and to dig deep into its philosophy and methodologies. In this article (and hopefully the ones to come), I will try to introduce the security of information systems and information technology as a whole, in order to give a glimpse of the importance and criticality of this matter, and also to shed light on some misunderstandings of the nuances between information security as a whole and its components (network security …). This will serve as a foundation for me and the readers in order to discuss security matters and hopefully learn from each other and from other experts.

For instance, there are mainly two types of assets in information systems: tangible and intangible assets. Tangible assets are physical assets such as machines, cables … We can easily distinguish them using a simple rule: if you can touch it with your hands, then it is tangible! Easy, isn’t it?

If we understand tangible, then we already know what intangible assets are. Any asset that is not physical is an intangible asset, but these assets might be a little tricky and not obvious at first sight: information, data, software, licenses … and the list goes on! That being said, the security of information systems deals with both types of assets and has as its main goal to protect them from any form of violation, theft or misuse.

The question that pops into my mind at this stage is: what is the difference between information systems security and network security?
Well, as I see it (hopefully I can get your opinions in the comments section to correct me if I am wrong), the two of them overlap to the point that it is very hard to distinguish between them or to treat one of them without having to deal with the other! The main principle of information security is to guarantee the confidentiality, integrity, and availability of the information, and once this information is stored or transported on a digital medium, it has changed its nature at some point into data that needs to be processed! Hence the overlap between the two concepts.

This introduction will serve (as noted earlier) as a foundation for what is to come. The final purpose is to introduce the philosophy of treating security using a layered approach (inspired by the famous defense in depth methodology), but the ultimate goal, I hope, is to create an “Agora” where we can exchange ideas and learn from each other.