Information security and protecting digital assets
Information security encompasses the techniques and controls used to protect digital assets. These digital assets may be business data, such as a new car design, the plans to a nuclear plant, a new piece of pharmaceutical drug research, or the recipe for Coke.
Alternatively, digital assets could mean personal information. Many regulations and standards require organisations to protect this category of information, such as the EU GDPR, the UK DPA 2018 and PCI DSS.
The EU GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
Whilst this definition specifically relates to personal data, the same definition of a breach could equally be applied to non-personal data. In order to prevent a breach, organisations must first complete a data mapping exercise (discovery). This identifies what data they have, where it is located and who/what resources have access to it.
Data security and the OSI model
When the data has been located it should then be classified. This categorising and labelling of data is important as some data is more sensitive or highly regulated than others. The information assets should then be risk assessed to identify vulnerabilities, threats, likelihood and impact. This will highlight priority work for the next stage.
Controls can then be applied to maintain the confidentiality, integrity and availability of the data. Security measures should be considered at every level of the OSI model.
It is important to remember that data is not always static, or “at rest”. Data is constantly moved from one location to another so that it can be presented to other systems, services or applications, and once there it may be in use. As such, controls must be applied to data at rest, in motion and in use.
A good data security strategy should therefore consist of four phases:
- Risk assessment
With the fast-paced movement of technology and the rapid emergence of machine learning and artificial intelligence, it is hard to keep up with the changes to control technologies and techniques. This is where Infradata can help. Our technical team makes it their mission to understand the developments in the market and impartially assess the pros and cons of emerging technologies and methodologies.
Four phases of information security explained
The first step to effective information security and risk management.
Designed to ensure that data is marked in a way that allows only people with appropriate permission to access it.
Understand where your focus is necessary.
Develop resilience with next-generation information security controls.