"Safe" is not a gray area.
Multiple threat vectors, physical security, internal controls, vendor reliability, response policies, training and preparedness — complete protection is complex and demanding.
MSP Overwatch™ helps you address all aspects of security for your business and for your clients.
Information Security in the IT Channel
Information security, sometimes abbreviated to infoSec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it’s being stored and when it’s being transmitted from one machine or physical location to another. You might sometimes see it referred to as data security. As knowledge has become one of the 21st century’s most important assets, efforts to keep information secure have become increasingly important.
The basic components of information security are most often summed up by the so-called CIA triad: confidentiality, integrity, and availability.
- Confidentiality is perhaps the element of the triad that most immediately comes to mind when you think of information security. Data is confidential when only those people who are authorized to access it can do so; to ensure confidentiality, you need to be able to identify who is trying to access data and block attempts by those without authorization. Passwords, encryption, authentication, and defense against penetration attacks are all techniques designed to ensure confidentiality.
- Integrity means maintaining data in its correct state and preventing it from being improperly modified, either by accident or maliciously. Many of the techniques that ensure confidentiality will also protect data integrity—after all, a hacker can’t change data they can’t access—but there are other tools that help provide a defense of integrity in depth: checksums can help you verify data integrity, for instance, and version control software and frequent backups can help you restore data to a correct state if need be. Integrity also covers the concept of non-repudiation: you must be able to prove that you’ve maintained the integrity of your data, especially in legal contexts.
- Availability is the mirror image of confidentiality: while you need to make sure that your data can’t be accessed by unauthorized users, you also need to ensure that it can be accessed by those who have the proper permissions. Ensuring data availability means matching network and computing resources to the volume of data access you expect and implementing a good backup policy for disaster recovery purposes.
In an ideal world, your data should always be kept confidential, in its correct state, and available; in practice, of course, you often need to make choices about which information security principles to emphasize, and that requires assessing your data. If you’re storing sensitive medical information, for instance, you’ll focus on confidentiality, whereas a financial institution might emphasize data integrity to ensure that nobody’s bank account is credited or debited incorrectly.
Our team is here to help you succeed.
Field-proven policies, controls, and procedures
Technology, training, and insurance implementation
Vulnerability scans, pen testing, and social engineering simulations with zero conflict-of-interest
Ease your own worries by hardening and testing your internal cyber defenses
The MSP Overwatch™ badge lets your clients and prospects know you are a trusted provider
Information security is the greatest challenge MSPs are facing in 2020. Don't face it alone.
MSP Overwatch™ is Live!
Be among the first MSPs to earn your TISC certification and MSP Overwatch badge!
Share your name and email address to setup a demo.