What is an Information Security Report?

Let’s define Information Security first. It refers to a set of practices intended to protect data and secure it from unauthorized access or alteration. It is more commonly abbreviated as infosec. The goal of information security is to ensure the utmost safety of critical and sensitive data such as login credentials, intellectual property, copyrighted property, and many others. Should an information security incident occur, the responsible staff work to reduce the impact of that particular incident and limit the damage. Incidents concerning information security are documented in an important business document known as the Information Security Report. This form contains a detailed account of the chain of events leading up to the incident.

What are the Principles of Information Security?

According to the Central Intelligence Agency, there are three main principles of Information Security. These are the following: confidentiality, integrity, and availability. Together they are also known as the “CIA Triad”.

Confidentiality: The objective of this first part of the triad is to keep someone’s personal information private and to ensure that the only people who have access to it are the owner of the information and the people who need it for their organizational functions. It is also about controlling access to someone’s data in order to prevent unauthorized disclosure, which could lead to the data being compromised. Having a password list is an example of a technique used to ensure confidentiality.

Integrity: In everyday usage, integrity means the quality of being whole or complete. The objective of this second part of the triad is to maintain data in its correct state throughout its life cycle, protecting it from outsiders who intend to modify it maliciously and preventing someone with legitimate access from modifying it unintentionally. An example of a tool that helps protect data integrity is the checksum: a small block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during transmission or storage. Should a piece of data be compromised, having frequent backups can help restore it to its original state.

Availability: In simple terms, it is defined as having all networks, systems, and applications up and running. The objective of this third and final part of the triad is to make sure that data is accessible when needed to those who have the appropriate permissions, or to a certain individual for a limited amount of time. This is essentially the other side of the coin from confidentiality. Ways to ensure data availability include redundancy in servers, frequent system maintenance for server upgrades or patches, and DDoS (Distributed Denial of Service) attack protection. This part of the triad is often viewed as the most important, since it enables end users to actually use the information.
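As an added illustration of the integrity principle above (example code written for this article, not from the original page), the following compares a directory against a checksum baseline recorded while the data was known to be correct, and classifies every file as ok, modified, missing or unexpected. The file contents are constructed samples; it also shows the caveat that a bare digest only catches accidental corruption, since anyone who can rewrite the file can recompute its digest, whereas a keyed tag (HMAC) cannot be forged without the key.

```python
import hashlib
import hmac

# Constructed sample: files as they were when known to be correct.
ORIGINAL_FILES = {
    "policy.txt": b"All USB drives must be scanned before use.\n",
    "payroll.csv": b"id,name,amount\n1,alice,5000\n2,bob,4800\n",
    "readme.txt": b"Internal use only.\n",
}
# Constructed sample: the same directory after an incident. payroll.csv was
# altered, readme.txt is gone and an unknown file has appeared.
CURRENT_FILES = {
    "policy.txt": b"All USB drives must be scanned before use.\n",
    "payroll.csv": b"id,name,amount\n1,alice,5000\n2,bob,48000\n",
    "unknown.bin": b"constructed junk",
}

def sha256_digest(data):
    # Checksum of one file's content; any changed byte yields a different digest.
    return hashlib.sha256(data).hexdigest()

def build_baseline(files):
    # Record one digest per file name while the data is still in its correct state.
    return {name: sha256_digest(content) for name, content in files.items()}

def verify_against_baseline(files, baseline):
    # Classify every file as ok, modified, missing or unexpected. The result is the
    # kind of factual evidence an incident report should attach.
    report = {}
    for name, expected in baseline.items():
        if name not in files:
            report[name] = "missing"
        elif sha256_digest(files[name]) == expected:
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in files:
        if name not in baseline:
            report[name] = "unexpected"
    return report

def keyed_tag(data, key):
    # HMAC-SHA256 over the content. A bare digest stored beside the file can be
    # recomputed by whoever altered the file; a keyed tag cannot without the key.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def keyed_tag_matches(data, key, tag):
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(keyed_tag(data, key), tag)
```

Running `verify_against_baseline(CURRENT_FILES, build_baseline(ORIGINAL_FILES))` on the samples reports payroll.csv as modified, readme.txt as missing and unknown.bin as unexpected.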

The best example of the application of all three principles is a bank ATM. It provides confidentiality by requiring a physical card and a unique PIN code before data can be accessed and the transaction can begin. It provides integrity by ensuring that transactions made are appropriately reflected in the user’s bank account. Lastly, it provides availability because bank ATMs are located in public places and are readily usable even outside the bank’s main operating hours.

What are examples of Information Security Incidents?

Every now and then, someone can sneak undetected through the various security protections, causing an incident and disrupting routine activities. Here are common examples:

Phishing. This incident occurs when a malicious impersonator sends messages (e-mails in particular) that seem to come from a legitimate source (such as banks, big corporations, or people with great influence) in order to trick the unsuspecting user into giving away sensitive information such as login credentials, bank account numbers, and contact details. In many cases, the victim does not know that his or her sensitive information is already compromised, enabling the hacker to continue attacking others in the same company or organization without raising suspicion.

Ransomware attack. Ransomware is a type of malware that uses encryption to lock a user out of their own data. It essentially holds a victim’s system hostage. This usually happens when an unsuspecting target downloads malware disguised as a normal application from the web. It can also affect several users on the same internal network, or spread through a single USB flash drive that connects to multiple computers. To restore access to the data, the hacker then demands a ransom from the victim, which the victim pays via one of numerous online methods in order to get a decryption key that is then used to unlock the affected files.

Man in the Middle attack. This kind of attack happens when the hacker eavesdrops on two people sending sensitive information back and forth between each other. The two people are unaware that they are, in effect, being spied on by that man in the middle. The hacker receives the legitimate information sent from User A, manipulates it (for example, by adding malware) and compromises it, and sends that data on to User B. Both users still think they are communicating directly with each other, and are unaware that the data they are exchanging has already been manipulated.

DNS Spoofing. This attack occurs when the hacker modifies DNS (domain name system) records to send traffic to a spoofed website. In this kind of attack, the hacker takes advantage of the fact that the unsuspecting user believes they are visiting a legitimate website. Once there, the hacker steals the user’s credentials and now has the opportunity to commit several offenses in the name of the unsuspecting user or the victimized company.

Trojan horse attack. Also called a trojan virus, this attack happens when an unsuspecting user downloads a malware application hidden inside a seemingly harmless file and executes it. When the program is executed, the attackers gain access to the user’s computer and its files through a backdoor opened by the Trojan. The suspect file is relatively unknown to the user, but it acts as a courier for numerous threats. This kind of attack gets its name from the Greek myth in which Greek soldiers, hidden inside a wooden horse presented as a gift to the city of Troy, jumped out and sacked the city.

How to Write an Information Security Report

It is vital for the people working in a company or an organization to be able to write an Information Security report, should an incident happen. Here are the steps to use as a guide:

1. Gather information.

Ask as many people as you can who saw the incident happening for details. Then gather all the necessary data, such as the date, time, and location of the incident, and the kind of information security incident that took place. If they consent, also include the names, departments, and contact details of the people you’ve asked. Including their contact details enables the authorities to contact them should they have any further questions or developments regarding the incident.

2. Write your personal information.

As you begin writing the report, it is also important to fill in your personal information in the spaces provided, including your name, contact details, your company details, and your home address. This enables the investigators to know who wrote the information security report, and also enables them to contact you for further information, or to ask for clarification should they find any inconsistencies in your report.

3. Write down the information gathered.

This is where you write the events that took place. Remember to stick to the facts of the incident, and never, ever include your own opinions. Write only the facts that you are 100% sure took place. You can also write down all the information that you have gathered from the people you’ve asked. Also, remember to use as little technical jargon as possible. Format the report properly, and avoid writing very long paragraphs so that your report is easier to read. You can also attach files and photos to the information security report to make it easier for the authorities. You can also include a timeline of how the events unfolded. In writing up the incident, keep in mind the 5 Ws (What, Where, Why, Who, When) and 1 H (How) to make the report more authentic and credible.

4. Verify the form.

Once the report writing is finished, it is important to double-check what you’ve written for missing information and facts, inconsistencies in the story, and grammatical errors. Make sure that all the events you’ve written match what actually happened, and that all the facts, names, and dates you’ve listed are correct. Also, verify that the supporting files and photos attached match the description in your report. This is your opportunity to polish your written report, because any overlooked typographical error can be detrimental to the progress of the investigation and may change its outcome.

5. Submit the report to the intended recipient.

Once you’ve double-checked the information security report you’ve written, and you’re confident that everything in the report is true and correct, it is time to submit your report to the investigator, to the authorities, or to whoever the intended recipient is, so they can begin their investigation and provide their recommendation report and feedback. It is also important to submit the final report securely, using a method agreed upon by both parties. Be sure to remain reachable in case they contact you during the investigation period.

FAQs

Is there a difference between information security and cybersecurity?

Yes, there is. Cybersecurity is defined as the protection of internet-connected systems from cyber threats. It is a broader practice of defending assets from an attack. Meanwhile, information security covers the tools and refers to the set of practices of keeping data secure from unauthorized access. Information security is a specific discipline under cybersecurity.

What is a cyberattack?

It refers to a method used by an individual hacker or a group of hackers to compromise a computer system by modifying, encrypting, leaking, or destroying the data stored inside it. This is usually due to a failure of the system’s cybersecurity. Most cyberattacks are opportunistic, with the attackers simply detecting various vulnerabilities inside a system and exploiting them.

How many types of information security attacks are there?

There are two of them, namely active attacks and passive attacks. An active information security attack involves altering an intercepted message. These attacks are generally much more difficult to prevent. In a passive attack, however, the hacker monitors a target system and illegally copies information without detection and without altering the information. These kinds of attacks are much easier to prevent with strong security measures.

Learning all about information security and writing a corresponding report form is a vital skill for any employee working in a company or organization that deals with this area of expertise. The templates provided above can certainly be used as a guide should one have difficulty writing one.