> [!abstract] In short: InfoSec is about protecting information and systems from anyone who shouldn't have access, covering unauthorized viewing, modification or destruction of data. Since we rely on digital platforms for almost everything, keeping data safe isn't optional.
## What it is
Information Security protects data and systems from unauthorized access, whether that's someone viewing, changing or destroying information they shouldn't touch. We run our lives on digital platforms now (banking, shopping, communication, entire businesses), so this sits underneath nearly everything.
## The digital landscape
A simplified picture of the world InfoSec operates in:
|Piece|What it is|
|---|---|
|**Client**|A PC, laptop, or phone used to access resources and services online.|
|**Internet**|A huge interconnected network of servers offering different services and applications.|
|**Servers**|Machines that provide services. A web server, for example, delivers website content to your browser.|
|**Network**|Multiple servers or computers connected so they can communicate.|
|**Cloud**|Data centers offering interconnected servers that companies and individuals use on demand.|
|**Blue Team**|Defenders, responsible for internal security and protecting against attacks.|
|**Red Team**|Simulates real adversaries and attacks against the company.|
|**Purple Team**|Blends Blue and Red, working together to actively improve security from what each side learns.|
## The castle analogy
Think of your information as treasure stored in a castle.
- **The treasure** is your valuable data and information.
- **The castle walls** are firewalls, encryption and other defensive mechanisms keeping outsiders out.
- **The guards** are security protocols and access controls watching who comes and goes.
- **The knights** are penetration testers, probing the castle's defenses by simulating attacks to find weak spots.
- **Digital transformation** is expanding the castle to store more treasure, which attracts more thieves.
- **Cyber threats** are the thieves constantly looking for a way in.
The bigger the castle, the more it has to defend. Same with companies: as more services go online, security has to grow with them.
## Why it matters
Information is one of the most valuable assets of the digital age: personal data, intellectual property, financial records, government secrets. A breach can cause financial loss, reputational damage, legal trouble and even national security risks. Attackers keep getting smarter and more aggressive, which makes solid security a necessity, not a "nice to have."
## Areas of InfoSec
InfoSec is a wide field. Some of the main areas, each with its own note:
- [[Network Security]]
- [[Application Security]]
- [[Operational Security]]
- [[Disaster Recovery and Business Continuity]]
- [[Cloud Security]]
- [[Physical Security]]
- [[Mobile Security]]
- [[Internet of Things Security]]
This barely scratches the surface and the field keeps evolving as technology and threats change.
## Core security concepts
Three terms that get mixed up constantly but mean different things.
> [!info] Risk: The potential for a malicious event to happen and damage assets like data or infrastructure. Measured by **likelihood** (how probable) and **impact** (how bad). It's the broad concept that wraps threats and vulnerabilities together.
> [!info] Threat: A potential cause of an incident that could harm a system. It can be a person (hacker, cybercriminal) or an event (fire, flood). Threats exploit vulnerabilities.
> [!info] Vulnerability: A weakness a threat can exploit: software bugs, misconfigurations, weak passwords. On its own it doesn't mean compromise. There has to be a threat able to exploit it for real risk to exist.
> [!tip] The short version: **Risk** is the potential damage, **threat** is what can cause it, **vulnerability** is the weakness that lets the threat through.
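
The three definitions above as a small risk register, added here as an illustration and not part of the original note: a risk entry exists only where a threat can exploit a vulnerability. The class names, the 1 to 5 scales, the `likelihood * impact` score and every sample entry are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed example: names, the 1-5 scales and all sample entries are assumptions.
@dataclass(frozen=True)
class Vulnerability:
    asset: str
    weakness: str   # e.g. "weak password", "misconfiguration"
    impact: int     # how bad if exploited, 1 (low) to 5 (high)

@dataclass(frozen=True)
class Threat:
    actor: str            # a person or an event
    exploits: frozenset   # weaknesses this threat is able to exploit
    likelihood: int       # how probable, 1 (low) to 5 (high)

def build_risk_register(vulns, threats):
    """Pair each vulnerability with every threat able to exploit it.
    A weakness no threat can exploit produces no risk entry."""
    register = [
        {"asset": v.asset, "weakness": v.weakness, "threat": t.actor,
         "score": t.likelihood * v.impact}
        for v in vulns for t in threats if v.weakness in t.exploits
    ]
    # Highest score first, so the worst risks are handled first.
    return sorted(register, key=lambda r: r["score"], reverse=True)

def unmatched(vulns, threats):
    """Vulnerabilities that no listed threat can currently exploit."""
    exploitable = set().union(*(t.exploits for t in threats))
    return [v for v in vulns if v.weakness not in exploitable]

VULNS = [
    Vulnerability("customer database", "weak password", impact=5),
    Vulnerability("public web server", "software bug", impact=4),
    Vulnerability("office printer", "misconfiguration", impact=1),
    Vulnerability("server room", "no fire suppression", impact=5),
]
THREATS = [
    Threat("cybercriminal", frozenset({"weak password", "software bug"}), likelihood=4),
    Threat("fire", frozenset({"no fire suppression"}), likelihood=1),
]

if __name__ == "__main__":
    for r in build_risk_register(VULNS, THREATS):
        print(f'{r["score"]:>2}  {r["asset"]}: {r["threat"]} via {r["weakness"]}')
    print("no current threat:", [v.asset for v in unmatched(VULNS, THREATS)])
```

The printer's misconfiguration lands in the unmatched list rather than the register: it is still a weakness worth fixing, but with no threat listed against it there is no scored risk yet.
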
## Roles in InfoSec
A few of the most common roles:
- **CISO (Chief Information Security Officer)**: oversees the whole information security program and sets the overall strategy.
- **Security Architect**: designs secure systems and networks. Effectively builds what others will then try to attack or defend.
- **Penetration Tester**: legally and ethically finds and exploits vulnerabilities through simulated attacks. The "knight" of the castle analogy.
- **Incident Response Specialist**: manages and responds to security incidents. Often works closely with pen testers, both reacting to their simulated attacks and learning from them.
- **Security Analyst**: monitors systems for threats and analyzes security data, using pen test results to sharpen detection and monitoring.
- **Compliance Specialist**: makes sure the organization meets relevant standards and regulations. Pen test reports often support compliance.
> [!tip] A good InfoSec program isn't one team doing its job. It's all of these roles constantly collaborating around the same goal: protecting the organization. The areas above are just different walls of the same castle.