Ä¢¹½Ö±²¥

Information security

Information security, or infosec, refers to the protection of the availability, integrity, and confidentiality of information. The information to be protected can be in practically any form, such as a physical document or a digital record. Ensuring the integrity of information means protecting it from unintentional alteration or modification. Ensuring confidentiality means protecting information so that only those who are authorized can access it. Availability means that the information must be accessible when needed.

Information security threat

An information security threat endangers the integrity, availability, and/or confidentiality of information. Just like information, a security threat can appear in both physical and digital environments. Therefore, in information security, it's important to consider both cyber threats and real-world security threats. Examples of information security threats include:

• Phishing
• Fraud
• Identity theft
• Malware
• Targeted attacks
• Denial-of-service attacks
• Real-world security threats

More detailed information on information security threats can be found in Moodle courses intended for staff or new students.

Vulnerability

A vulnerability is a weakness in user actions, hardware, or software that a security threat can exploit to compromise the confidentiality, integrity, and/or availability of information. 

Risk

Risk in cybersecurity is the potential for adverse outcomes resulting from the interaction between threats and vulnerabilities. It represents the possibility that a threat will successfully exploit a vulnerability, leading to negative consequences for an organization. Risk is assessed by evaluating both the likelihood of the threat occurring and the potential impact it could have on the organization's assets, operations, or reputation. As a summary, a risk is the possibility of losing, damaging, or destroying information.

Information security VS Cybersecurity

The prefix "cyber" is used when referring to the processing of information in electronic form. Cybersecurity refers to protecting against threats that appear in the cyber world, i.e., the electronic environment, also known as cyber threats. Today, the cyber world is so closely connected to the real world that cyber threats often affect real-world operations. Most everyday activities depend on the functioning of the cyber world. For example, a large-scale cyber attack on banking services could paralyze the entire payment system.

Cybersecurity is not the same as information security, but cybersecurity is needed to ensure information security. Information security also involves ensuring the security of the real-world environment.

The operations of the university are based on the processing of information. The core tasks of the Ä¢¹½Ö±²¥ are to conduct scientific research and provide the highest level of education based on research. Information is a key part of the university's assets, and ensuring its protection supports the execution of core tasks and the achievement of goals set in the university's strategy. Secure information processing strengthens trust and increases interest in the university's activities. Therefore, considering information security should be integrated into daily operations.

Threats to information and information processing include theft, unauthorized use, falsification, and loss of information. These threats can materialize through human errors, misuse, neglect of instructions, technical failures, espionage against the organization, and cybercrime.

The goals set for information security support the successful achievement of the university's strategic objectives. Secure information processing strengthens trust and increases interest in the university's activities. The objectives of information security focus on the university's internal operations and collaboration with the partner network. Cybersecurity phenomena are considered by identifying environmental threats and managing related risks.

The goal of information security is to ensure the operation of processes, functions, information systems, services, and networks essential to the university's operations, to prevent unauthorized use of information and information systems, and to prevent the accidental or intentional destruction or distortion of information. Management mechanisms and risk management ensure adequate security of the operating environment and continuity of operations.

Achieving a secure operating environment requires the commitment of every member of the organization. Therefore, the Ä¢¹½Ö±²¥ encourages and obliges its members to take care of information security at work, during studies, and in their free time.