What is information security (InfoSec)?

Safeguard sensitive information across clouds, apps, and endpoints.

Information Security (InfoSec) defined

Information security, often abbreviated (InfoSec), is a set of security procedures and tools that broadly protect sensitive enterprise information from misuse, unauthorized access, disruption, or destruction. InfoSec encompasses physical and environmental security, access control, and cybersecurity. It often includes technologies like cloud access security brokers (CASB), deception tools, endpoint detection and response (EDR), and security testing for DevOps (DevSecOps), among others.

Key elements of information security

InfoSec comprises a range of security tools, solutions, and processes that keep enterprise information secure across devices and locations, helping to protect against cyberattacks or other disruptive events.

  • Application security

    Policies, procedures, tools, and best practices enacted to protect applications and their data.

  • Cloud security

    Policies, procedures, tools, and best practices enacted to protect all aspects of the cloud, including systems, data, applications, and infrastructure.

    Cloud security

  • Cryptography

    An algorithm-based method of securing communication meant to ensure only intended recipients of a specific message can view and decipher it.

  • Disaster recovery

    A method to reestablish functional technological systems in the wake of an event like a natural disaster, cyberattack, or another disruptive event.

  • Incident response

    An organization’s plan for responding to, remediating, and managing the aftermath of a cyberattack, data breach, or another disruptive event.

  • Infrastructure security

    Security that encompasses an organization’s entire technological infrastructure, including both hardware and software systems.

  • Vulnerability management

    The process an organization takes to identify, assess, and remediate vulnerabilities in its endpoints, software, and systems.

Three pillars of information security: the CIA triad

Confidentiality, integrity, and availability make up the cornerstones of strong information protection, creating the basis for an enterprise’s security infrastructure. The CIA triad offers these three concepts as guiding principles for implementing an InfoSec plan.

 

Confidentiality
 

Privacy is a major component of InfoSec, and organizations should enact measures that allow only authorized users access to information. Data encryption, multi-factor authentication, and data loss prevention are some of the tools enterprises can employ to help ensure data confidentiality.

 

Integrity
 

Enterprises must maintain data’s integrity across its entire lifecycle. Enterprises with strong InfoSec will recognize the importance of accurate, reliable data, and permit no unauthorized user to access, alter, or otherwise interfere with it. Tools like file permissions, identity management, and user access controls help ensure data integrity.

 

Availability
 

InfoSec involves consistently maintaining physical hardware and regularly completing system upgrades to guarantee that authorized users have dependable, consistent access to data as they need it.

Common information security threats

Advanced persistent threat (APT) attack:
 

A sophisticated cyberattack occurring over a prolonged period, during which an undetected attacker (or group) gains access to an enterprise’s network and data.

 

Botnet:
 

Derived from the term “robot network,” a botnet comprises a network of connected devices an attacker infects with malicious code and controls remotely.

 

Distributed denial-of-service (DDoS) attack:
 

DDoS attacks utilize botnets to overwhelm an organization’s website or application, resulting in a crash or a denial of service to valid users or visitors.

 

Drive-by download attack:
 

A malicious piece of code that automatically downloads onto a user’s device upon visiting a website, making that user vulnerable to further security threats.

 

Exploit kit:
 

A comprehensive set of tools that utilize exploits to detect vulnerabilities and infect devices with malware.

 

Insider threat:
 

The possibility that an organizational insider will exploit authorized access, intentionally or not, and harm or make vulnerable the organization’s systems, networks, and data.

 

Man-in-the-middle (MitM) attack:
 

A malicious attacker interrupts a line of communication or data transfer, impersonating a valid user, in order to steal information or data.

 

Phishing attack:
 

Phishing attacks impersonate legitimate organizations or users in order to steal information via email, text message, or other communication methods.

 

Ransomware:
 

A malware extortion attack that encrypts an organization or person’s information, preventing access until a ransom is paid.

 

Social engineering:


Cyberattacks that originate with human interaction, in which the attacker gains a victim’s trust through baiting, scareware, or phishing, gathers personal information, and utilizes the information to carry out an attack.

 

Social media attack:


Cyberattacks that target social media platforms, exploiting the platforms as delivery mechanisms, or stealing user information and data.

 

Viruses and worms:


Malicious, undetected malware that can self-replicate across a user’s network or system.

Technologies used for information security

Cloud access security brokers (CASB)


Security policy enforcement points positioned between enterprise users and cloud service providers that combine multiple different security policies, from authentication and credential mapping to encryption, malware detection, and more. CASBs function across authorized and unauthorized applications, and managed and unmanaged devices.

 

Data loss prevention


Data loss prevention (DLP) encompasses policies, procedures, tools, and best practices enacted to prevent the loss or misuse of sensitive data. Key tools include encryption, or transforming plain text into ciphertext via an algorithm, and tokenization, or assigning a set of random numbers to a piece of data and using a token vault database to store the relationship.

 

Endpoint detection and response (EDR)


EDR is a security solution that utilizes a set of tools to detect, investigate, and respond to threats in endpoint devices.

 

Microsegmentation
 

Microsegmentation divides data centers into multiple, granular, secure zones or segments, mitigating risk levels.

 

Security testing for DevOps (DevSecOps)
 

DevSecOps is the process of integrating security measures at every step of the development process, increasing speed and offering improved, more proactive security processes.

 

User and entity behavior analytics (UEBA)


UEBA is the process of observing typical user behavior and detecting actions that stray outside normal bounds, helping enterprises identify potential threats.

Information security and your organization

Enterprises can employ information security management systems (ISMS) to standardize security controls across an organization, setting up custom or industry standards to help ensure InfoSec and risk management. Employing a systematic approach toward InfoSec will help proactively protect your organization from unnecessary risk and allow your team to efficiently remediate threats as they arise.

 

Responding to information security threats
 

Once your security team has been altered to an InfoSec threat, complete the following steps:

  • Gather your team and reference your incident response plan.
  • Identify the source of the threat.
  • Perform actions to contain and remediate the threat.
  • Evaluate any damage.
  • Notify relevant parties.

Learn more about Microsoft Security

Microsoft Security

A comprehensive approach to security.

Explore more

Information protection and governance

Help safeguard sensitive data across clouds, apps, and endpoints.

Learn more

Microsoft Purview Information Protection

Discover, classify, and protect sensitive information wherever it lives or travels.

Learn more

Information Protection blog

Learn about feature updates and new capabilities across Information Protection in the latest blogs.

Read more

Frequently asked questions

|

Cybersecurity falls under the broader umbrella of InfoSec. While InfoSec encompasses a wide range of information areas and repositories, including physical devices and servers, cybersecurity only references technological security.

InfoSec refers to security measures, tools, processes, and best practices an enterprise enacts to protect information from threats, while data privacy refers to an individual’s rights to control and consent to how their personal data and information is treated or utilized by the enterprise.

Information security management describes the collection of policies, tools, and procedures an enterprise employs to protect information and data from threats and attacks.

An ISMS is a centralized system that helps enterprises collate, review, and improve its InfoSec policies and procedures, mitigating risk and helping with compliance management.

The independent entities of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed a set of standards on InfoSec, intended to help organizations across a broad range of industries enact effective InfoSec policies. ISO 27001 specifically offers standards for implementing InfoSec and ISMS.