Blog

What is Information Security and Cybersecurity?

All businesses use information – for example, employee information, tax information,
proprietary information, or customer information. Information is vital to the operation of a
business. If that information is compromised in some way, the business may not be able to
function. Protecting the information an organization creates, uses, or stores is called
“Information Security.”

Information Security is formally defined as “The protection of information and information
systems from unauthorized access, use, disclosure, disruption, modification, or destruction in
order to provide confidentiality, integrity, and availability.”

Information security encompasses people, processes, and technologies. It concentrates on how to
protect:

Confidentiality – protecting information from unauthorized access and disclosure. For
example, what would happen to your company if customer information such as
usernames, passwords, or credit card information was stolen?

Integrity – protecting information from unauthorized modification.
For example, what if your payroll information or a proposed product design was
changed?

Availability – preventing disruption in how you access information.
For example, what if you couldn’t log in to your bank account or access your customer’s
information, or your customers couldn’t access you?

As more and more information becomes digitized – digitally stored, processed, and
communicated – cybersecurity has become a key component of information security.
Cybersecurity means protecting electronic devices and electronically stored information.
Cybersecurity is formally defined as “Prevention of damage to, protection of, and restoration of
computers, electronic communications systems, electronic communications services, wire
communication, and electronic communication, including information contained therein, to
ensure its availability, integrity, authentication, confidentiality, and nonrepudiation”
[CNSSI4009][HSPD23].

As part of information security, cybersecurity works in conjunction with a variety of other
security measures, some of which are shown in Figure 1. As a whole, these information security
components provide defense against a wide range of potential threats to your business’s
information. Although much of this publication involves electronic devices and solutions, it is
not limited to cybersecurity and typically refers to “information security” as a whole.

What is an MSSP?

Managed security service providers (MSSPs) are IT service providers that specialize in offering cybersecurity monitoring and management to small and medium businesses. These services can include virus and spam blocking, intrusion detection, firewalls and virtual private network (VPN) management.

Impersonation

The most popular scenario for social engineering attacks is impersonation: the hacker impersonates another employee in the organization and tries to trick the target into compromising security.

Hacker impersonates administrator

The hacker calls a user, impersonates the network administrator, and tries to trick the user into compromising security by asking them to do things such as changing their password or giving away account information. The hacker may also ask the user questions about the general setup of the system.

Hacker impersonates user

The hacker calls the network administrator pretending to be a frustrated user. In this scenario, the hacker pretends they do not remember their password or how to get onto the system. An unaware administrator may help the hacker (acting as a frustrated user) gain access to the system by resetting a password and guiding them through the process of gaining access.

Hacker impersonates management

If the hacker knows the names of personnel on the management team, the hacker may call employees within the company and impersonate management. The hacker will ask the unsuspecting employee to perform actions that compromise the security of the system or the environment so that the hacker can gain access later.

What is a domain?

A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization’s name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu.