InfoSec = Information Security
There are two broad aspects of security that those responsible for Information Security need to focus on to achieve a holistic approach. Firstly, the people in an organisation need to be educated in how to behave in ways that minimise threats. Secondly, the information infrastructure needs to be set up in ways that minimise threats. It should be remembered that there needs to be a balance between usability, cost and security: there is no point spending more on security than the cost of the loss of functionality or information. In essence there is no such thing as a fully ‘secure system’. Overall it is more that threats can be minimised.
People can be trained to follow procedures that adhere to security policies. Examples could be: shutting down terminals when away from the desk, using strong passwords, being aware of phishing techniques, reporting viruses and not surfing the net irresponsibly. Most of these tactics involve increasing awareness. Once again, these techniques do not guarantee a secure system but only minimise the likelihood of a loss of information or a breach.
When it comes to infrastructure we can separate it into layers. The first layer would be the physical layer. This would include the transfer of information and things such as confirmation of identity to get onto a network. The next layer would be the IP layer. This might need encryption to ensure the data traffic cannot be read. Authentication can also be done here. Following that layer is the TCP layer. Firewalling works here. At the top level, the application layer, it pays to keep all applications up-to-date and to control internet use.