Data

Well, we learned that Information Security is the practice of protecting data; now we need to decide what data we need to protect. Every organization will answer this question differently. Are you a medical company? Do you have patient data? Maybe you are a manufacturing company, so your data could be plans or recipes for how you make your product. How about your employee information and personal data? Every company has employees, so maybe we need to protect that type of information too. There are many different types of data that we need to protect, depending on what industry we are in.

Once you figure out what kind of data you want to protect, you need to figure out where this data resides on your network. Defining what is in scope for a security effort is a very difficult part of a security plan. Think of all the places where this sensitive data could be: databases, file servers, web apps, or maybe the cloud.

Think of a grocery store: all the food is organized into aisles and shelves. We need to do the same thing with the data in our enterprise. What if you walked into the grocery store and all the food was in a big pile in the middle of the store? How would you find the items you need? How long would it take to find the ingredients on your list? If our data is scattered across our network, we have the same problem. Where is my sensitive data, and what kind do I have?

Figuring out what kind of sensitive data we have and where it resides is one of the most challenging infosec practices. If we know what we have and where it lives, we are better suited to protect our sensitive data.

What is this thing called InfoSec

I have been working in the Information Security (InfoSec) space for 10 years now, covering a wide range of InfoSec positions. During that time I have seen this industry change in a number of ways, and I have met a lot of awesome people in this industry. So what really is InfoSec? Is this a battle between good and evil? Is it a money game? Is electronic data the only focus, or is physical data as important? Will you ever achieve absolute security? Information Security is a very complex journey, but let’s back up and take a very simple, basic approach to this and start our journey as if this is the first time we ever heard of InfoSec.

Everyone in the tech industry seems to use search engines to figure out answers to certain questions. If you don’t remember the specific syntax to do something, you can just Google it. Well, let’s start this off with a Google search to see if this will help us out. If you do a simple Google search and ask “what is infosec” you get this back: “procedures or measures used to protect electronic data from unauthorized access or use.” If you do another Google search for “what is information security” you get this: “the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.” Well, we can deduce that InfoSec is the practice of protecting your data. That sounds pretty easy, but let’s look at what data is.

Next time we will jump into what data is and how we protect it. Feel free to chime in and let me know what you think. Thank you ~torn