information security part 1

security

protects systems and information from threats

computer security

protects computer systems from harm, theft, and unauthorized access

cybersecurity

defends networks, data, and devices from cyberattacks

network security

protects networks from intrusions

application security

ensures software and devices are free of threats

information security

protects data integrity and privacy

disaster recovery

plans for restoring operations after an incident

confidentiality

ensures only authorized access to information

availability

ensures data is accessible when needed

integrity

protects data from being altered or corrupted

cyber threats

malware, ransomware, phishing, and ddos attacks are common threats; insider threats, where employees misuse access, can compromise sensitive data

data breaches

unauthorized access to databases can lead to the exposure of confidential information

cloud security

vulnerabilities in _-based systems can result in data loss or theft

weak passwords

poor _ practices make systems susceptible to brute-force attacks

supply chain vulnerabilities

third-party vendors may introduce risks if their security measures are inadequate

malware

viruses, worms, and trojans that damage systems

phishing

fraudulent attempts to gain sensitive information

ransomware

locks data and demands payment

social engineering

manipulating users into providing confidential data

implement robust security protocols

use encryption (e.g., aes) to protect sensitive data during storage and transmission; regularly update and patch systems to fix vulnerabilities

deploy multi-factor authentication

strengthen access controls with mfa to minimize risks of unauthorized access

conduct regular security audits

perform vulnerability assessments and penetration testing to identify and mitigate risks proactively

train employees on security awareness

educate _ about phishing attacks, secure password practices, and safe handling of data

invest in incident response plans

develop a comprehensive plan to quickly respond to breaches and minimize damage

data collection

organizations often collect vast amounts of personal data, raising concerns about misuse

consent issues

users may not fully understand or agree to how their data is being used

iot devices

can expose sensitive data due to weak security

global variations

privacy regulations differ across regions, complicating compliance