Information Security

Defending against cyber risks and threats in the ever-evolving hyperconnected world

Information security encompases the techniques and controls used to protect digital assets. These digital assets may be business data, such as a new car design, the plans to a nuclear plant, a new piece of pharmaceutical drug research, or the recipe for Coke.  

Information Security and protecting Digital Assets

Alternatively, digital assets could mean personal information. There are many regulations or standards that require organisations to protect this category of information, such as the EU GDPR, The UK DPA 2018, HIPPA, COPPA, PCI DSS etc

The EU GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”

Whilst this definition specifically relates to personal data, the same definition of a breach could equally be applied to non personal data.  In order to prevent a breach, organisations must first complete a data mapping exercise (discovery). This identifies what data they have, where it is located and who/what resources have access to it. 

Data Security and the OSI model

When the data has been located it should then be classified.  This categorising and labeling of data is important as some data is more sensitive or highly regulated than others.  The information assets should then be risk assessed to identify vulnerabilities, threats, likelihood and impact. This will highlight priority work for the next stage.

Controls can then be applied to maintain the confidentiality, integrity and availability of the data.  Security measures should be considered at every level of the OSI model:

  1. Physical
  2. Data link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application

It is important to remember that data is not always static, or “at rest”.  Data is constantly moved from one location to another so that it can be presented to other systems, services or applications and when there, it may be in use.  As such, controls must be applied to data at rest, in motion and in use.

A good data security strategy should therefore consist of four phases:

  1. Discovery
  2. Classification
  3. Risk assessment
  4. Controls

With the fast paced movement of technology and the rapid emergence of machine learning and artificial intelligence, it is hard to keep up with the changes to control technologies and techniques. This is where Infradata can help. Our technical team makes it their mission to understand the developments in the market and impartially assess the pros and cons of emerging technologies and methodologies.

Talk with an Expert

Speak with a solutions expert or architect. Give us a call or leave a message. Our team is ready for your business.

Share this page: