Information security
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks.
- Snippet from Wikipedia: Information security
Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge). Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the 'CIA' triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process.
To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed.
While paper-based business operations are still prevalent, requiring their own set of information security practices, enterprise digital initiatives are increasingly being emphasized, with information assurance now typically being dealt with by information technology (IT) security specialists. These specialists apply information security to technology (most often some form of computer system).
IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious attacks that often attempt to acquire critical private information or gain control of the internal systems.
There are many specialist roles in information security, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, electronic record discovery, and digital forensics.
Todo:
- BDD-Security
- Black Duck
- Charles Proxy
- Checkmarx AppSec Accelerator
- Checkmarx SAST (Static Application Security Testing)
- CyberArk Conjur
- Fortify SCA
- Fortify WebInspect
- HashiCorp Vault
- IriusRisk
- Kiuwan
- Klocwork
- LogRhythm SIEM
- OSSEC
- OWASP Zed Attack Proxy (ZAP)
- Qualys Cloud Platform
- SD Elements
- SecureAssist
- Signal Sciences
- Snort
- SonarQube
- Sqreen
- Tripwire
- Twistlock
- Venafi Trust Protection Platform
- Veracode
- WhiteHat