Understanding Information Security

Information security is the inclusive management of Technical, Physical and Administrative processes and tools

Having the right tools is only part of the battle

The number one question we get from prospective clients is “Do you do Cyber Security?” – when we know they really mean information security. We understand why: cyber attacks are getting bigger, with entire systems and infrastructure needing to be rebuilt after ransomware attacks. Customer information is stolen, impacting the confidence customers have in you. As a business owner, it’s smart to be aware of the risk of a cyber attack on your business.

But there’s a problem: whenever media reports on cyber attacks, they use words like Cyber Security or Cyber Protection to describe the attack. Experts will say that they are “Investing in more Cyber Security”, but what they should really say information security instead. That’s because cyber security is just one piece of the puzzle of overall security. And what you’re defending isn’t really your devices, or your network, but your information. That’s what hackers want: your data.

Information security is a broader, better term than cyber security.

There are three main pillars of Information Security:

Technical Protection

This is what most people think of when they hear “cyber security”. Technical Protection comprises all of the tools businesses use to keep their networks and devices secure: from firewalls, to password protectors, to anti-virus blockers. Secure browsers, closed networks, encrypted email and communications, etc.

But these tools are like a fence: they stop unwanted hackers, programs, and viruses (or at least, they slow them down) but they have nothing to do with what’s inside the fence. And while important, they can only do so much.

Administrative Policies & Procedures

When an attack does happen, you need to know what to do, who to call, and how to prevent more damage from being done.

Imagine that fence, surrounding your business. It might do a good job of keeping unwanted visitors out. But that fence has a gate, and if you don’t know how to lock the gate, the entire fence might as well be useless.

To be secure, you and your employees need to know what to do when a cyber incident happens. This includes how to use the tools you have in place to keep your business secure. More importantly, you need to know how to safely save your data and information so that if hackers get past your tools, you are still secure. You need to know not to log into personal accounts on company devices. You need to know how and when to make backups of your data, and where to securely store that data so that hackers can’t reach it.

As a security firm, we can equip you with all manner of security tools. But, if your business doesn’t have effective administrative policies and procedures, it’s a losing battle.

Physical Security

In the movie Oceans Eleven, the thieves need to gain access to the Bellagio’s network so that the casino’s security would have no idea they were being robbed. Instead of attacking the network by computer, the thieves did something different: they used balloons to block a camera, and an IT uniform to gain access to the servers. From there, hijacking the casino’s feed was as easy as pressing a button remotely.

It’s cool when it happens in the movies, but physical attacks to hack information happens all too often in real life. Physical Security measures include things like keeping doors locked, keeping your server room secure, and shredding important papers. Physical Security is a crucial, yet often overlooked, part of Information Security.

Learn more about Information Security

Sign up for our newsletter and receive our free ebook in your inbox

The world of IT and Information Security can seem like it’s deliberately confusing. In Cyber Defence 101: Choosing Your IT Partner, Principal Consultant Scott Birmingham walks you through the common questions you have and demystifies IT and Information Security systems.

Get your copy by filling out the form! Available as EPUB and PDF.