Structure of InfoSec
In this module, we provide a foundational understanding of information security: how it is structured, the roles involved, and the vast ocean of opportunities awaiting you.
Author's Side Note
Since you are "new" to this field, we won't hand you practical exercises right away. Imagine you're sitting in a fighter jet, eager to take off. Without knowing what anything in the cockpit is, you'll find it impossible to start the aircraft.
This module is purely "theoretical" to give you the necessary picture of the InfoSec world first.
1 The Digital Landscape
Look closely at the following structure. It illustrates how elements in the digital world connect.
Client
The PC/Laptop/Phone you use to access resources on the Internet.
Internet
A vast, interconnected network of servers offering services.
Servers
Computers designed to perform specific tasks (e.g., hosting a website).
Network
Multiple devices connected to communicate with each other.
Cloud
Data centers offering interconnected servers for remote use.
The Teams
Defenders. Responsible for internal security and stopping attacks.
Attackers. Simulates adversaries to test defenses.
Collaborators. Blue and Red working together to enhance security.
2 The Castle Analogy
Imagine your information is treasure stored in a castle.
The Treasure
Your valuable data and information.
The Walls
Firewalls & encryption keeping outsiders out.
The Guards
Access controls monitoring who enters/leaves.
Penetration Testers
Knights simulating attacks to find weak spots.
Cyber Threats
Thieves constantly looking for breaches.
Digital Transformation
Expanding the castle, which attracts more thieves.
3 Security Concepts
Risk
Potential for Damage
The likelihood of a threat exploiting a vulnerability. It encapsulates both.
Threat
The Cause
A potential cause of an incident (Hacker, Fire, Flood) that results in harm.
Vulnerability
The Weakness
A flaw in the system (Bug, Weak Password) that allows the threat to succeed.
4 Roles in InfoSec
| Role | Description | Relevance to You |
|---|---|---|
| CISO | Oversees the entire program. | Sets strategy you will evaluate. |
| Security Architect | Designs secure systems. | Creates systems you try to breach. |
| Penetration Tester | Identifies vulnerabilities via attacks. | Likely your target role. |
| Incident Response | Manages security incidents. | Works with you on lessons learned. |
| Security Analyst | Monitors for threats. | Uses your reports to improve monitoring. |