The goal of cybersecurity is to ensure the secure storage, control access, and prevent unauthorized processing, transfer, or deletion of data. It is designed to protect the confidentiality, integrity and availability of information. This risk is due to the fact that connectivity extends vulnerabilities to all systems. If one part of the infrastructure fails or is compromised, all dependent components are also affected.
Therefore, an important objective of infrastructure security is to minimize dependencies and isolate components while allowing intercommunications.
Information securityaims to protect information against theft, unauthorized modification, or destruction. Information can exist digitally in IT systems or, for example, on paper. The main objective of information security systems is to ensure the protection of data against external and internal threats.
This simple example also illustrates how to achieve the three main objectives of protecting information security: confidentiality, integrity and availability. Other protection objectives are useless if it is not possible to determine if communication is taking place with the desired communication partner. The issue of maintaining the security of information systems is equally serious for ordinary users and for businesses. InfoSec covers a variety of IT domains, including infrastructure and network security, auditing, and testing.
The main objectives of InfoSec are often related to ensuring the confidentiality, integrity and availability of company information. The main purpose of threat intelligence is to show organizations the risks they face because of external threats, such as zero-day threats and advanced persistent threats (APTs). In addition, records management contributes to regulatory compliance, as many regulations require companies to keep detailed records of what is happening in their systems. However, BYOD often leads to hidden IT, as IT staff has little (if any) visibility of these endpoints and cannot properly implement and maintain security measures.
Depending on the use case, other protection objectives related to information security may be considered. The goal is to make patient care efficient and to help obtain information to improve medical outcomes, while protecting the security and privacy of healthcare data. Achieving protection objectives relevant to information security involves organizational and technical measures. In blockchain technologies, distributed user networks verify the authenticity of transactions and ensure that integrity is maintained. In other cases, systems are developed without regard to security and remain in operation as legacy systems within an organization.