Information security (infosec) refers to the strategies that safeguard digital information from people who are not authorized to have it. These strategies are designed to protect the confidentiality, integrity, and availability of data – this is sometimes referred to as the CIA Triad of information security. The Triad has evolved in recent years to the Parkerian hexad: confidentiality, possession (or control), integrity, authenticity, availability, and utility.
Many enterprises retain a dedicated security team to maintain their infosec program, typically led by the chief information security officer (CISO). They are responsible for risk management and for ensuring the secure operations of their organization. They prepare for threats in many forms, including phishing and malware attacks, identity theft, ransomware, and IoT cyberattacks, and implement security controls that will minimize the impact of an attack.
The infosec team will work to identify anything that can pose a threat to the Parkerian hexad, and work to mitigate each potential issue. For example, sensitive information must be kept confidential and controlled so it is not changed or transferred without permission of the owner. A sensitive message is at risk during transmission, because someone could intercept it before it reaches its intended recipient. Encryption can help mitigate this security threat, and digital signatures can increase information security by enhancing authenticity.
Another important infosec role is to select secure applications for the enterprise. Some applications are inherently more secure than others, since there are several methodologies developers can use to build secure software. For example, a modular architecture makes it much more difficult for a security flaw in one part of the system to jump to another part of the system. Some products, such as SUSE Linux Enterprise Desktop, have been designed with high security levels by limiting privileges and by including a suite of built-in security tools to thwart attacks. Likewise, some OSes are more secure than others. Linux is inherently more secure than Windows, for example, due to Windows’ monolithic design and its exposure to malware via administrator privileges.