Information security

Defending against cyber risks and threats in the ever-evolving hyperconnected world.

Introduction

Information security and protecting digital assets

Information security encompasses the techniques and controls used to protect digital assets. These digital assets may be business data, such as a new car design, the plans to a nuclear plant, a new piece of pharmaceutical drug research, or the recipe for Coke.

Alternatively, digital assets could mean personal information. There are many regulations or standards that require organisations to protect this category of information, such as the EU GDPR, the UK DPA 2018, PCI DSS etc.

The EU GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

Whilst this definition specifically relates to personal data, the same definition of a breach could equally be applied to non-personal data. In order to prevent a breach, organisations must first complete a data mapping exercise (discovery). This identifies what data they have, where it is located and who/what resources have access to it.

OSI model

Data security and the OSI model

When the data has been located it should then be classified. This categorising and labelling of data is important as some data is more sensitive or highly regulated than others. The information assets should then be risk assessed to identify vulnerabilities, threats, likelihood and impact. This will highlight priority work for the next stage.

Controls can then be applied to maintain the confidentiality, integrity and availability of the data. Security measures should be considered at every level of the OSI model:

  1. Physical
  2. Data link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application

It is important to remember that data is not always static, or “at rest”. Data is constantly moved from one location to another so that it can be presented to other systems, services or applications, and once there it may be in use. As such, controls must be applied to data at rest, in motion and in use.

A good data security strategy should therefore consist of four phases:

  1. Discovery
  2. Classification
  3. Risk assessment
  4. Controls

With the fast-paced movement of technology and the rapid emergence of machine learning and artificial intelligence, it is hard to keep up with the changes to control technologies and techniques. This is where Infradata can help. Our technical team makes it their mission to understand the developments in the market and impartially assess the pros and cons of emerging technologies and methodologies.
