Copyright

Types of Information Security

An error occurred trying to load this video.

Try refreshing the page, or contact customer support.

Coming up next: Importance of Information Security

You're on a roll. Keep up the good work!

Take Quiz Watch Next Lesson
 Replay
Your next lesson will play in 10 seconds
  • 0:00 Types of Information Security
  • 1:43 Definition of…
  • 5:45 Lesson Summary
Add to Add to Add to

Want to watch this again later?

Log in or sign up to add this lesson to a Custom Course.

Login or Sign up

Timeline
Autoplay
Autoplay

Recommended Lessons and Courses for You

Lesson Transcript
Instructor: Alison Gunnels

Alison has a graduate degree in Criminal Justice.

In this lesson, we will discuss information security and cover the eight different types of security. The arrangement of information security into these different types aligns with one of the most common information security certifications, CISSP.

Types of Information Security

Samantha, the Computer Security Manager, and her team, Jonah and Tracey, had packed up their offices early on Friday. Their budget presentation was a smashing success at the CEO's board meeting, and they were having a team dinner to celebrate. Tracey answered a call, and her eyes got wide. She flagged the other two to be quieter as she listened to the caller. 'Sure, Davis. We'd be happy to give the Chief Financial Officer a security orientation. When can you schedule? Tuesday afternoon is fine. We'll be ready.'

'The Chief Financial Officer wants us to teach her about security.' Samantha grinned at the others' wide-eyed stares. We'll need to start from scratch and talk about the different types of information security; everything from identity and access to encryption and disaster recovery. There are eight types we want to cover if we go with the categories from the most popular security certification, the Certified Information Security Professionals or CISSP. '

Tracey pulled her mini-tablet out and started typing: 'Identity and access management. Security engineering, including cryptography. Asset security. . . I know we should include security operations. Software development security has got to be there, too.'

Jonah chimed in. 'The CFO is going to have questions about security and risk management because her team will care about legal and compliance obligations. And they are auditors, so they will not forget security testing. That's seven. Samantha, you said eight?'

'Not bad, but you both forgot communications and network security.' Samantha gestured to Tracey's tablet with her thumb. 'We have the basic list. Now we just translate it into plain English.'

Definition of Information Security Types

Information security is more than a single discipline. It ranges from technical configurations to legal and policy work. Let's say that Samantha's team is given a database full of sensitive information. To protect that database, they would work through each type of information security and consider how it applies.

Samantha's team could start with asset security, protecting a physical or virtual item based on its value and sensitivity. They'd consider the database itself as an asset and ask the data owner questions to figure out its worth. The questions would include:

  • What is sensitive about the database?
  • What makes it valuable?
  • Who can make decisions about it?
  • Who needs to use the database, and who definitely shouldn't get access?
  • Does the database have data that ages out and must be deleted?

These answers from the data owner allow Samantha's team to set rules about access and handling for the database.

When they understand the contents and restrictions from the business side, the security team continues working with the database owner on security and risk management. This type of information security explores the legal, regulatory, and compliance issues around the database. Some types of data, like health information, personal identification, and company financials, have legal restrictions around their handling and where the data can be stored. To perform security and risk management, the team would learn about these restrictions and design the security for the database to meet the requirements.

Once the appropriate privacy, handling, and access needs are understood, the team could move on to identity and access management (IAM). IAM deals with accounts, passwords, certificates, and permissions. They would set up the users of the database to have just enough access to do their jobs and require strong passwords to access the system. They would also monitor how and when these users log in and record the actions that the users take. IAM also includes the account creation-to-deletion cycle, so the database owner would regularly review and remove users' accounts when no longer needed.

To unlock this lesson you must be a Study.com Member.
Create your account

Register for a free trial

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Free 5-day trial

Earning College Credit

Did you know… We have over 160 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it free for 5 days!
Create An Account
Support