L1.4 InfoSec Policies & Best Practices

Uploaded by Ammar Tagoranao
Information Security: Policies and Best Practices

ITE 193
Types of Information Security
• Here are common types of information security in modern organizations:
1. Network security
❑ This type of security encompasses the protection of computer networks against unauthorized access or misuse.
❑ Network security involves a range of technologies, such as firewalls, intrusion detection/prevention systems, virtual private networks (VPNs), and secure protocols, to ensure data confidentiality, integrity, and availability.
1. Network security: some tools (slide image, not reproduced here)
2. Application security
❑ Application security involves securing software applications from cyber threats, such as malware, SQL injection attacks, and cross-site scripting (XSS). Application security solutions include secure coding practices, penetration testing, and vulnerability assessments.
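The slide names SQL injection and secure coding practices without showing what the "secure coding" part looks like in code. The following is an added example (not from the slides or the course) that puts a string-built query next to its parameterised counterpart against a constructed in-memory SQLite table, plus an allowlist check as a second layer. The table contents, the probe string and the function names are all assumptions made for this illustration.

```python
import re
import sqlite3

# Constructed sample table for this example only (no real accounts).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn

def find_user_vulnerable(conn, username):
    # Anti-pattern: the untrusted value is spliced into the SQL text, so a
    # quote inside the input changes the *structure* of the statement.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, username):
    # Parameterised query: the driver passes the value separately from the
    # statement text, so quotes in the input stay data and never become SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Defence in depth: validate shape before the value reaches any backend.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_.-]{0,31}$")

def is_valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def demo():
    conn = make_db()
    normal = "alice"
    hostile = "x' OR '1'='1"   # classic textbook probe string (constructed)
    return {
        "vuln_normal": find_user_vulnerable(conn, normal),
        "vuln_hostile": find_user_vulnerable(conn, hostile),   # leaks every row
        "safe_normal": find_user_safe(conn, normal),
        "safe_hostile": find_user_safe(conn, hostile),         # matches nothing
        "hostile_passes_allowlist": is_valid_username(hostile),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The allowlist is not a substitute for parameterisation: the parameterised query is what removes the injection, and the allowlist simply rejects obviously malformed input earlier and produces a cleaner audit trail.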
3. Data security
❑ Data security is the practice of protecting sensitive data from unauthorized access, use, disclosure, or destruction. Data security involves a range of technologies, such as encryption, access control, and backup and restore procedures, to ensure data confidentiality, integrity, and availability.
4. Endpoint security
❑ Endpoint security focuses on protecting endpoints, such as laptops, desktops, servers, and mobile devices, from cyber threats. Traditional endpoint security technologies include antivirus and anti-malware software and firewalls. Modern endpoint security includes advanced solutions like endpoint detection and response (EDR) that can protect against zero-day threats/attacks (an unknown vulnerability in your device's SW or HW).
❑ EDR is a cybersecurity technology that continually monitors an "endpoint" (e.g. mobile phone, laptop, Internet-of-Things device) to mitigate malicious cyber threats.
5. Mobile security
❑ Mobile security refers to the protection of mobile devices, applications, and data from unauthorized access or exploitation. Mobile security solutions include mobile device management (MDM) software, secure mobile application development, and secure communication protocols.
6. Cloud security
❑ Cloud security involves the protection of cloud-based data, applications, and infrastructure. It covers a variety of security concerns, including data privacy, access control, threat management, and compliance.
7. IoT security
❑ IoT security involves securing the networks, devices, and data associated with the Internet of Things (IoT). IoT security covers a range of security issues, including data privacy, access control, device authentication, and network security.
What is an InfoSec Policy?
An information security policy is a formal, documented set of rules and guidelines that an organization establishes to protect its information assets and ensure the confidentiality, integrity, and availability of its data.

This policy serves as a framework for managing risk, defining acceptable behaviors, and setting security expectations for employees, contractors, partners, and other stakeholders. It also helps organizations comply with legal, regulatory, and industry requirements.
An effective information security policy typically includes the following components:

✔ Purpose: A clear statement outlining the policy's objectives and the organization's commitment to information security.
✔ Scope: A description of the systems, data, and personnel covered by the policy, including any third-party vendors or partners.
✔ Roles and responsibilities: A definition of the roles and responsibilities of various stakeholders, such as management, IT staff, and employees, in implementing, maintaining, and enforcing the policy.
✔ Asset management: Guidelines for identifying, classifying, and managing the organization's information assets to ensure appropriate protection levels.
✔ Access control: Rules for granting and revoking access to systems and data, including user authentication, authorization, and password management.
✔ Incident response: Procedures for detecting, reporting, and responding to security incidents, including communication protocols and escalation paths.
✔ Physical security: Measures to protect the organization's facilities, equipment, and information assets from unauthorized access, theft, or damage.
✔ Training and awareness: Requirements for regular employee training and awareness programs to promote a culture of security and ensure that personnel understand their responsibilities.
✔ Monitoring and auditing: Processes for monitoring compliance with the policy, including regular audits, assessments, and reviews to identify gaps and areas for improvement.
✔ Policy review and updates: A schedule for periodically reviewing and updating the policy to ensure it remains relevant, effective, and aligned with the organization's evolving needs and the changing threat landscape.
An information security policy is a critical component of an organization's overall security strategy, as it provides a foundation for implementing technical measures, administrative controls, and best practices to safeguard its information assets.
Notable Information Security Solutions and Technologies
There are a lot of security tools and technologies used by modern security organizations. However, here are some of the most common tools that are typically present in a mature security stack:
FIREWALLS
❑ A firewall is a network security device that monitors incoming and outgoing traffic, acting as a barrier between a trusted internal network and untrusted external networks. Firewalls use predefined rules to allow or block traffic based on factors like IP addresses, ports, and protocols, preventing unauthorized access and malicious traffic from entering the network.
Intrusion Detection System (IDS) & Intrusion Prevention System (IPS)
❑ IDS is a security technology that monitors network traffic for signs of malicious activity or policy violations. If detected, it generates alerts for security personnel to investigate.
❑ IPS, on the other hand, is an active system that not only detects but also blocks or prevents malicious traffic in real time.
❑ Both IDS and IPS can be host-based (focusing on a single system) or network-based (monitoring the entire network).
Security Incident and Event Management (SIEM)
❑ SIEM solutions collect, aggregate, and analyze log data from various sources, such as firewalls, IDS/IPS, servers, and applications. They help organizations detect, investigate, and respond to security incidents by providing real-time monitoring, advanced analytics, and automated response capabilities. SIEM solutions also enable compliance with regulatory requirements through centralized reporting and auditing.
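The slide lists what a SIEM does (collect, aggregate, analyze, alert) but not what "analyze" amounts to. The following added example (not from the slides or any SIEM product) runs a small version of that pipeline: it normalises constructed log lines from two sources (an SSH daemon and a firewall) into a common event shape, then applies one correlation rule: a successful login preceded by several failures from the same source address inside a short window. The log lines, addresses, field names and threshold are all constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two log sources (not real logs).
LOG_LINES = [
    "2024-05-01T10:00:01Z sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2",
    "2024-05-01T10:00:03Z sshd[2001]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "2024-05-01T10:00:05Z fw: DENY TCP 203.0.113.7:51003 -> 192.0.2.10:3389",
    "2024-05-01T10:00:06Z sshd[2001]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "2024-05-01T10:00:09Z sshd[2001]: Failed password for root from 203.0.113.7 port 51006 ssh2",
    "2024-05-01T10:00:12Z sshd[2001]: Accepted password for root from 203.0.113.7 port 51008 ssh2",
    "2024-05-01T10:30:00Z sshd[2001]: Failed password for alice from 10.0.0.5 port 40000 ssh2",
    "2024-05-01T10:30:20Z sshd[2001]: Accepted password for alice from 10.0.0.5 port 40001 ssh2",
]

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")
FW_RE = re.compile(r"^(\S+) fw: (ALLOW|DENY) (\S+) (\S+):\d+ -> (\S+):(\d+)$")

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def parse_events(lines):
    """Aggregation step: map every source's format onto one event schema."""
    events = []
    for line in lines:
        m = SSH_RE.match(line)
        if m:
            ts, outcome, user, src_ip = m.groups()
            events.append({"ts": parse_ts(ts), "source": "sshd",
                           "type": "auth_failure" if outcome == "Failed" else "auth_success",
                           "user": user, "src_ip": src_ip})
            continue
        m = FW_RE.match(line)
        if m:
            ts, verdict, proto, src_ip, dst_ip, dport = m.groups()
            events.append({"ts": parse_ts(ts), "source": "fw",
                           "type": "fw_" + verdict.lower(), "user": None,
                           "src_ip": src_ip, "dst": f"{dst_ip}:{dport}", "proto": proto})
    return sorted(events, key=lambda e: e["ts"])

def detect_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: success after >= threshold failures from one IP in the window."""
    failures = defaultdict(list)   # src_ip -> timestamps of failed logins
    seen_in = defaultdict(set)     # src_ip -> log sources it appeared in
    alerts = []
    for ev in events:
        seen_in[ev["src_ip"]].add(ev["source"])
        if ev["type"] == "auth_failure":
            failures[ev["src_ip"]].append(ev["ts"])
        elif ev["type"] == "auth_success":
            recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ts": ev["ts"], "src_ip": ev["src_ip"], "user": ev["user"],
                               "failures": len(recent), "sources": set(seen_in[ev["src_ip"]]),
                               "rule": "login_success_after_bruteforce"})
    return alerts

def run_demo():
    return detect_bruteforce(parse_events(LOG_LINES))

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The `sources` field is the aggregation payoff: the analyst sees that the same address was also blocked by the firewall, without opening a second console. The second login (alice, one failure) stays below the threshold and produces nothing, which is the behaviour a tuned rule should have.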
Vulnerability Management
❑ Vulnerability Management is the process of identifying, evaluating, and addressing security weaknesses in an organization's IT infrastructure, software, and applications. This process involves continuous scanning, monitoring, and assessment of systems to detect possible vulnerabilities.
❑ Once vulnerabilities are identified, organizations prioritize and remediate them through patching, configuration changes, or other security controls. The main goal of vulnerability management is to reduce the likelihood and impact of successful cyberattacks by minimizing exploitable vulnerabilities in the environment.
Attack Surface Management
❑ Attack surface management is the practice of identifying, mapping, and reducing the potential entry points (attack vectors) an adversary could use to compromise an organization's IT systems and data. This involves understanding and securing all components of the IT environment, including hardware, software, networks, cloud services, and third-party integrations.
❑ By minimizing the attack surface, organizations can reduce the risk of cyberattacks, lower the chances of successful breaches, and improve their overall security posture. Attack surface management includes activities such as continuous monitoring, threat modeling, secure configuration management, and proper access control implementation.
Cloud Security Posture Management (CSPM)
❑ CSPM solutions help organizations maintain and improve their security posture in cloud environments by continuously monitoring cloud infrastructure, identifying misconfigurations, and providing recommendations for remediation. CSPM tools enable organizations to enforce security policies, assess compliance, and mitigate risks associated with cloud adoption.
Threat Intelligence
❑ Threat intelligence refers to the collection, analysis, and sharing of information about existing and emerging threats, such as threat actors, tactics, techniques, and procedures (TTPs), vulnerabilities, and indicators of compromise (IoCs). Threat intelligence solutions help organizations proactively identify and mitigate risks, prioritize security efforts, and improve their overall security posture.
Information Security Best Practices
Develop an Incident Response Plan
❖ An incident response plan prepares an organization to effectively manage and respond to security incidents, minimizing the potential impact and ensuring a swift return to normal operations.
❖ By establishing clear roles and responsibilities, outlining response procedures, and promoting continuous improvement, an incident response plan helps organizations maintain a strong security posture and protect their critical assets.
Adopt DevSecOps
❖ DevSecOps, which stands for Development, Security, and Operations, integrates security practices throughout the software development lifecycle. By incorporating security as an integral part of the development process, DevSecOps aims to reduce vulnerabilities, ensure faster response to security incidents, and promote a culture of shared responsibility for security across the entire organization.
Create a Red Team and Blue Team
❖ Red team-blue team exercises involve two groups working together to strengthen an organization's security posture. The red team simulates real-world attacks, while the blue team defends against these attacks, detects intrusions, and mitigates threats.
❖ By engaging in these exercises, organizations can strengthen their security posture, improve incident response capabilities, and foster a culture of shared responsibility for security.
Conduct Penetration Testing
❖ Penetration testing involves simulating real-world cyberattacks on an organization's systems, networks, or applications to identify vulnerabilities and evaluate their security defenses. By conducting regular penetration tests, organizations can discover weaknesses in their security controls, assess their resilience against attacks, and remediate issues before they are exploited.
Automate Vulnerability Management
❖ Implementing automated vulnerability management tools, such as vulnerability scanners and patch management systems, helps organizations regularly identify, assess, prioritize, and remediate security vulnerabilities in their systems. This continuous process reduces the window of opportunity for attackers to exploit known weaknesses and improves the organization's overall security posture.
Implement Data Encryption
❖ Data encryption protects sensitive data from unauthorized access and ensures the confidentiality and integrity of that data, both in transit and at rest.
❖ By implementing strong encryption measures, organizations can minimize the risk of data breaches, build trust with stakeholders, and maintain a robust security posture.
Leverage Strong Authentication
❖ Implementing strong authentication mechanisms, such as multi-factor authentication (MFA), helps ensure that only authorized users can access sensitive data and systems. MFA combines multiple methods of verification, such as something the user knows (password), something the user has (security token or smartphone), or something the user is (biometrics). This layered approach significantly reduces the risk of unauthorized access due to compromised credentials.
Educate and Train Users
❖ Human error is often a significant factor in information security breaches. Providing regular security awareness training to employees, contractors, and partners helps build a security-conscious culture and ensures that users understand their responsibilities in protecting the organization's data. Topics covered in such training may include phishing awareness, safe password practices, and how to report suspected security incidents.
