Software Testing Software

Data may or may not be in human readable or understandable form, like binary data that cannot be understood by a human being.
Whereas information is a summary and presentation of data in a way that can be read and understood by a human
and that helps in decision making.

Data Security primarily focuses on “Backup”, “encryption”, or “masking” of data.
Three principles of Information security are Confidentiality, Availability and Integrity.

2 thoughts on “Software Testing Software”

  1. shinichi Post author

    Security Testing – Software Testing Software

    http://www.softwaretestingsoftware.com/category/security-testing-2/

    What is vulnerability?

    Vulnerability is a weakness or security hole in an information system using which an attacker can gain access to, damage, misuse, modify or disrupt part of or the entire information system. The focus of Security Testing would be to identify all the vulnerabilities and get them plugged.

    Vulnerability window refers to the time duration for which a security hole existed, i.e. from the time it was introduced till the security hole was plugged and the security threat was neutralized. The greater the Vulnerability window, the greater the probability of attackers exploiting the security hole.

    IT (Information technology) and Security

    Security requirements in IT (information technology) can be broadly classified as “Application or Software Security”, “Data Security”, “Information Security”, and “Network Security”.

    Application or Software Security:

    Application Security focuses on the different stages of the SDLC (Software Development Life Cycle), and the processes, tools and deliverables that can lead to application or software vulnerability or weakness.

    Data Security:

    Data Security focuses on policies and methods that will help prevent intentional or accidental damage, access or misuse of data by authorized or unauthorized users or programs. Data Security primarily focuses on “Backup”, “encryption”, or “masking” of data.

    Data may or may not be in human readable or understandable form, like binary data that cannot be understood by a human being. Whereas “information” is a summary and presentation of data in a way that can be read and understood by a human and that helps in decision making.

    Information Security:

    Information security focuses on protecting information from unauthorized access, misuse, modification or damage. Information security is usually thought of as an alternate name for IT Security. However, Information Security is applicable to IT and non-IT as well; you might recollect seeing documents or files labeled as “Top Secret”, “Secret” or “Confidential”.

    Three principles of Information security are Confidentiality, Availability and Integrity.

    Confidentiality: refers to level of access, access rules are defined and access restrictions are in place. E.g. Top Secret information is accessible to VP and above.

    Availability: means information is available when needed and is accessible for authenticated and rightful users.

    Integrity: means information presented is correct and consistent throughout.

    Network Security:

    Most information systems are accessed over a network, be it internet or intranet. Network security refers to monitoring and preventing unauthorized use or misuse, and neutralizing threats on the network. Most of the network security issues are due to hackers or bots or worms and malicious software that try to intrude into the network.

  2. shinichi Post author

    (sk)

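    I am surprised that, for people who work in IT security as a profession, things like "what is data" and "what is information" have already been defined.

    Unless it is taken seriously, an IT system will be destroyed in no time. People who work in such a precarious place are presumably not allowed a vague understanding.

    Data is sometimes something people cannot read or understand, while information is always something people can read and understand. A string of binary data is meaningless to most people, and what helps in deciding something is information, not data.

    What a clear way of thinking.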
