- Skills Directory
- Information Security
Information Security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.
This competency area includes an understanding of the concepts of the triad of Confidentiality, Integrity, and Availability, Risk Management, Security Ops & Management, Security Governance & Compliance. The technical areas include understanding of security associated with Network, Cloud, Application, Data, Physical, Operating System, Cryptography & IAM.
Key Competencies:
- CIA Triad: Clear understanding of the principles of Confidentiality, Integrity, and Availability.
- Risk Management: Ability to identify, assess, and mitigate potential threats and vulnerabilities to information assets.
- Security Awareness: Ability to educate teams and organizations about cyber threats and best practices for staying safe online.
- Security Governance and Compliance: Understanding of frameworks, policies, and procedures for establishing, implementing, and maintaining effective security governance, risk management, and compliance programs.
- Network Security: High level understanding of protecting networks from unauthorized access, intrusions, and malicious attacks.
- Cloud Security: High level understanding of how to ensure the security of data and applications stored and accessed in cloud environments.
- Application Security: Ability to secure applications against vulnerabilities and attacks like code injection and SQL injection.
- Data Security: Understands how to protect sensitive data throughout its lifecycle, from creation to storage to disposal.
- Cryptography: Understanding of encrypting data to protect its confidentiality and integrity.
- Identity and Access Management (IAM): Ability to control access to resources based on user identities and permissions.
- Security Operations and Management: Ability to monitor, detect, and respond to security incidents.
- Operating System Security: Able to create strategies to secure operating systems from unauthorized access, malware, and other threats, including user authentication, access controls, patch management, and system hardening.
- Physical Security: Understands measures to protect physical assets, facilities, and infrastructure from unauthorized access, theft, vandalism, and natural disasters.