IS security, or information security, refers to the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users. It includes the measures necessary to detect, document, and counter such threats. It protects information, processes, and communication, and it protects sensitive business information from intrusion. Information security is intended to protect organizations against malicious attacks. The two primary types of attacks are active and passive. Active attacks are considered more difficult to prevent, while passive attacks are easier to prevent with strong security measures.
Difference between IS security and IT security:
Information security protects information, processes, and communication, whereas IT security is a component of information security that refers only to the protection of information on IT systems. In other words, IT security protects technical systems, such as hardware, software, and networks, from unauthorized access, cyberattacks, and other malicious activity. Thus, information security has a broader scope than IT security. The most commonly cited examples of IT security include digital security disciplines such as endpoint security, cloud security, network security, and application security. IT security includes physical security measures like locks, ID cards, and surveillance cameras, which are required to protect buildings and devices that house data and IT assets.
Information security (IS) audit:
An information security (IS) audit, also known as a security audit or cybersecurity audit, is a comprehensive evaluation of an organization’s security posture. It examines an organization’s security systems, data protection policies, and safety procedures to identify vulnerabilities and recommends areas for improvement to security measures.
Some things that might be flagged during a security audit include insufficient password complexity, inconsistent ACLs on folders*, non-existent or insufficient file activity auditing, and sensitive data that is not stored and protected correctly with encryption.
* An Access Control List (ACL) is a list of permissions that controls access to files and folders and determines what actions users can perform on them.
A security audit may also be triggered by a number of events, such as significant changes to IT infrastructure or systems, regulatory requirements, and a security breach or incident.
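As an illustration of the "inconsistent ACLs on folders" finding listed above, the following added example (not part of the original article) walks a directory tree and flags folders whose permissions differ from their parent's or are world-writable. It assumes a POSIX system and uses permission mode bits as a simple stand-in for full ACLs; the folder names and the `audit_folder_permissions` and `demo` functions are hypothetical.

```python
import os
import stat
import tempfile


def audit_folder_permissions(root):
    """Return (path, issue) findings for sub-folders of `root` that are
    world-writable without the sticky bit or whose mode differs from the
    parent folder's mode (a simple proxy for inconsistent ACLs)."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        parent_mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        for name in dirnames:
            child = os.path.join(dirpath, name)
            st = os.lstat(child)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks carry no meaningful mode of their own
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((child, "world-writable without sticky bit"))
            if mode != parent_mode:
                findings.append(
                    (child, f"mode {mode:03o} differs from parent {parent_mode:03o}")
                )
    return findings


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    sample = (("finance", 0o750), ("finance/payroll", 0o777), ("hr", 0o750))
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o750)
        for rel, mode in sample:
            path = os.path.join(root, rel)
            os.mkdir(path)
            os.chmod(path, mode)  # explicit chmod so the umask does not apply
        return [
            (os.path.relpath(path, root), issue)
            for path, issue in audit_folder_permissions(root)
        ]


if __name__ == "__main__":
    for path, issue in demo():
        print(f"{path}: {issue}")
```

In the constructed tree only `finance/payroll` is reported, once for being world-writable and once for deviating from the mode of its parent folder.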
Benefits of IS audit:
The audit ensures the availability of the information system and the integrity and confidentiality of data. It includes reviewing system records, activities, and related documents, and evaluating regulatory compliance.