Lesson 1: Foundations of Information Security & Cyber
Information Security is the protection of information from unauthorized access, modification, destruction, or disclosure — a broad field combining people, processes, and technology. In this lesson we define information security, distinguish it from Cyber Security, and explain why the field has becom
In brief: information security keeps information confidential, accurate, and available — accessible only to the authorized, without tampering, and when it is needed.
- Information Security
  - Protection of information from unauthorized access, modification, destruction, or disclosure, combining people, processes, and technology.
- Cyber Security
  - A sub-domain of information security focused on the digital space: networks, applications, and computerized communication.
- Cyber / Cybernetics
  - Short for Cybernetics; from a Greek root meaning 'to steer' or 'navigate'. Today it refers to the digital space.
- The three information dimensions
  - Information exists in three layers that must be protected: digital (databases, files), physical (documents, hardware, safes), and human (know-how, passwords, procedures).
- CIA Triad
  - The three foundational principles of information security — the goal of every control: Confidentiality, Integrity, and Availability.
- NIST (National Institute of Standards and Technology)
  - The U.S. National Institute of Standards and Technology; distinguishes information security (protecting information and systems) from cybersecurity (protecting systems, networks, and digital information).
- GDPR (General Data Protection Regulation)
  - A European regulation protecting the personal data of EU citizens, imposing heavy penalties for violations.
- Privacy Protection (Data Security) Regulations, 2017
  - Israeli regulations (in force since 2018) requiring database owners to apply security controls, classify databases, manage access, and report severe security incidents. Liability also rests on senior management and the board, not only the IT department.