Back to Basics: Securing Information

One of the greatest minds the world has ever seen once made this observation: “Simplicity is the ultimate form of sophistication.” If Leonardo da Vinci himself could espouse such a mantra and still bestow on the world a dazzling legacy of artworks, inventions and scientific discovery, then it seems safe to say that we ourselves could benefit from spending some time covering the basics.

This is a particularly advisable approach when jumping into any information technology (IT) specialization. Take security, for example. Information security is not something that any business or individual can afford to treat lightly in 2016. Security requires sophistication — which, as da Vinci reminds us, is rooted in simplicity. To really lock in the advanced principles of cybersecurity, you have to begin by studying the basics.

Such as, to begin with, what is information security? Information security is the process of protecting the valuable digital data of the organization that you work for, and securing all access to that data. As noted by top TestOut trainer Robb Tracy in his introduction to Security Pro, TestOut CE's unrivaled Security+ training courseware, security administrators face more challenges today than ever before.

Let's review some of those challenges:

• Sophistication — Attacks are becoming much more difficult to detect and thwart. A lot of this has to do with the internet, which makes information readily available. Hackers are now able to send messages between the internet and your computer that look just like a legitimate communicaition.
• Proliferation — The volume of information security attacks is much higher than it used to be. It’s much easier to launch an attack over the internet.
• Scale and Velocity — With various tools, attackers can conduct “recon” on certain systems to identify which parts of those systems can be most easily exploited. Once a vulnerability has been detected, the internet can be used to execute a high-level attack that can quickly spread through connected systems.

The main goals of Information Security in your organization should include the following (also known as the "CIA" of Information Security):

• Confidentiality — Only authorized persons can access the information.
• Integrity — Ensure that the information has not been tampered with.
• Availability — The information must always be accessible to those who are authorized to use it.

In striking the right balance between security and availability, keep in mind these key security components:

• Physical Security — Obtain all hardware and software needed to secure the system. Examples include firewalls, antivirus software and anti-spam software.
• Users and Admins — Monitor those who will use the software for day-to-day tasks. Make sure you don’t have malicious users and administrators.
• Policies — Establish rules to regulate security.

Information security can be an exciting and rewarding field. Use TestOut training to master the basics, and you'll be able to deliver the highest form of sophistication to coworkers and customers ... by keeping it simple.

About the Author — Jake Slater is the social media manager for GoCertify and a graduate of Brigham Young University. He recently traveled to Cancun, but is no longer rockin' a holiday beard.