Simply put, Information Security, or InfoSec, is the science of protecting information. It also involves the tools that hold the information, ranging from the humble Post-It or sticky note to your smartphone. Information security professionals are tasked with protecting data in all its forms – physical and digital – along with the media that hold and use this data.
Let’s take the example of a cheque book. This is one mode authorized by your bank to allow financial transactions. The cheque book will contain information such as your name and account number. Only once a cheque is signed by the account holder does it become valid to initiate a transaction. This is enforced by the rules and regulations of the land, and the bank is required to follow them. In the absence of these rules, transactions could be made arbitrarily from any account, and in the ensuing chaos customers would lose trust in banks and the economy would suffer in the long run. InfoSec professionals play a significant role in forming these rules and regulations, which become policies in the various organizations that depend on customer trust for their business.
The role of an InfoSec professional is also to encourage information security hygiene as a lifestyle among a company’s employees and its customers alike. A person aware of the risks a signed blank cheque-leaf poses will not leave it lying around unguarded. Upon theft, there are processes the bank has in place to prevent misuse of that cheque-leaf. Such processes, which protect the bank and its customers from fraud and the resulting reputational damage, are designed by InfoSec professionals, but they will work only if everyone is aware of them.
InfoSec is a growing area, and getting an entry into it is relatively easy. Having a non-technical background also has profound advantages, because the goal of InfoSec is ultimately to protect the organization’s business processes from disruption. All that is needed is to supplement that background with technical knowledge and continuously build on it from there. The best starting point is to learn how your computer’s operating system works. This is because all PCs, servers, network devices and smartphones have an operating system, though each is designed for a different purpose. In parallel, it is important to learn how computers communicate over a network. This knowledge is the prerequisite for any technical course in this field.
Likewise, it is essential for any InfoSec professional to pursue a non-technical course such as financial management and accounting, marketing and operations management in order to be able to protect their organization effectively.