The most critical issue in information communication technologies is information security. However, this subject is so broad and deep that it is divided into many specialized areas even within its own sub-headings. The contents of the sub-headings are so intertwined that they are often confused. We have compiled a map that will make it easier for you to find your way in the field of information security.
Information security is defined as the prevention of unauthorized or unauthorized access, use, modification, disclosure, removal, alteration or damage to information as an asset and consists of three basic elements called “confidentiality”, “integrity” and “availability”. If any of these three basic security elements are compromised, a security weakness occurs.
- Confidentiality: The protection of information against unauthorized access and unauthorized access.
- Integrity: The information should not be altered by unauthorized persons.
- Accessibility: Information is accessible and usable by authorized persons when needed.
Securosis, a research firm focused on the field of information security, has elaborated in detail on the subject of information security, which until now has been quite scattered and often confused with each other. According to this classification, information security is
- network security
- endpoint security
- data security
- application security
- identity and access management
- security management
- virtualization and cloud
as 7 general categories and then these categories are divided into a total of 32 sub-headings:
1.) Network Security is divided into 6 sub-headings:
- Content Security
- Web
- Perimeter Defense
- Firewall/VPN
- IPS (Intrusion Prevention System)
- UTM (Unified Threat Management)
- NAC (Network Access Control)
- Wireless
- Monitoring
- NBA/NAD
- Forensics
- Managed Services
- Monitoring
- Management
2.) Endpoint Security is divided into 5 sub-headings:
- Endpoint Defense
- Anti-Malware
- Host Firewall
- Host-based Intrusion Prevention System (HIPS)
- Application Whitelisting
- Disk Encryption
- Device Control
- Mobile Security
- Remote Access / VPN
3.) Data Security is divided into 4 sub-headings:
- Database Security
- Database Assessment
- Database Activity Monitoring
- Database Encryption
- Data Loss Prevention
- DLP Solutions
- Full Suite
- Network DLP
- Endpoint DLP
- Content Discovery
- Data Loss Prevention Features (DLP Features)
- DLP Solutions
- Encryption
- File/Folder
- Distributed Encryption
- Key Management
- SAN/NAS
- Application Encryption
- File/Folder
- Access Management
- Entitlement Management
- File Activity Monitoring
4.) Application Security is divided into 5 sub-headings:
- Web Application Firewalls
- Application Testing
- Dynamic Application Testing
- Static Application Testing
- Secure Development
- Threat Modeling
- Development Process
- Testing Methodologies
- Web Application Assessment
- Web Vulnerability Assessment
- Web Penetration Testing
- Managed Services
- Assessment / Testing
- Managed Web Application Firewall (WAF)
5.) Identity and Access Management is divided into 5 sub-headings:
- Directories
- Authentication
- Provisioning / Making Ready
- Web Access Management
- Federation
6.) Security Management is divided into 5 sub-headings:
- Compatibility/Compliance
- IT-GRC
- PCI
- SOX
- HIPAA
- NERC-CIP
- Privacy
- Security Operations
- Security Information and Incident Management (SIEM)
- Log Management
- System Management
- Patch Management
- Configuration Management
- Vulnerability Management
- Vulnerability Assessment
- Penetration Testing
- Incident Response
7.) Virtualization and Cloud is divided into 2 sub-headings:
- Virtualization Security
- Virtual Machine Security
- Virtualization Infrastructure Security
- Cloud Security
- Cloud Security Services
- Cloud Hardening
- Cloud Risk Management
According to this categorization, the most popular topics at the moment are cloud computing security, data loss prevention (DLP) and web security.
Source: https://www.sibergah.com/genel/bilgi-guvenligi-nedir-ve-nasil-siniflandirilir/