Information Security (InsoSec)
Information Security (InsoSec) is the state of a data owner or custodian’s protection against threats to data under its charge. Today the term refers mainly to the practice of securing electronic data.
InfoSec is sometimes discussed as requiring three essential pillars called the CIA triad: confidentiality, integrity, and availability. Enterprises need data to adhere to these three pillars to function optimally. Implicit is that a balance among these pillars should be reached, with data of a certain kind being (1) available but secure, (2) viewable but not to anyone, (3) shareable but with limits to how and who may transmit it, and the like.
Large enterprises that hold large stockpiles of data as their business or to conduct business often have a dedicated InfoSec team, sometimes distributed among core functions such as identity and access management (IAM); governance, risk, and compliance; incident response and forensic analysis; architecture and policy; data loss prevention; penetration testing (pen-testing); secure application development; secure development operations (DevOps).
Small and midsize businesses (SMBs) often rely on vendors to provide them security solutions that integrate with SMBs internal environments and customer applications. These can be purchased off the shelf or they can be a security-as-a-service (SECaaS) subscription.
“A lot of infosec is akin to rearranging deck chairs on The Titanic. While there is no shortage of solutions on the market, few of them address the root causes of credential stuffing, phishing, and account takeover.”