
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, and business continuity planning.
Next Generation Firewall
The next-generation firewall (NGFW) describes an enterprise firewall/VPN that has the muscle to efficiently perform intrusion prevention sweeps of traffic and is aware of the applications moving through it, so that it can enforce policies based on allowed identity-based application usage. It's supposed to have the brains to use information such as Internet reputation analysis to help with malware filtering, or to integrate with Active Directory.
SIEM
Security Information and Event Management (SIEM) solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.
Identity Management
Identity management (or ID management, or simply IdM) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an organization) and controlling access to the resources in that system by placing restrictions on the established identities of the individuals. Identity management (IdM) is a term related to how humans are identified and authorized across computer networks. It covers issues such as how users are given an identity, the protection of that identity, and the technologies supporting that protection.
Network Access Control
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. Network Access Control aims to do exactly what the name implies: control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
Digital Certificates
A digital certificate is used in conjunction with a public key encryption system. Digital certificates have two basic functions. The first is to certify that the people, the website, and the network resources such as servers and routers are reliable sources, in other words, that they are who or what they claim to be. The second function is to protect the data exchanged between the visitor and the website, such as credit card information, from tampering or even theft. A digital certificate contains the name of the organization or individual, the business address, digital signature, public key, serial number, and expiration date. When you are online and your web browser attempts to secure a connection, the digital certificate issued for that website is checked by the web browser to be sure that all is well and that you can browse securely. The web browser basically has a built-in list of all the main certification authorities and their public keys and uses that information to decrypt the digital signature. This allows the browser to quickly check for problems and abnormalities; if everything checks out, the secure connection is enabled. When the browser finds an expired certificate or mismatched information, a dialog box will pop up with an alert.
There are two main types of digital certificates that are important to building a secure website: server certificates and personal certificates.
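The browser-side check described above can be reproduced offline with Go's standard `crypto/x509` package, which reports a separate error for an expired certificate, a mismatched host name and an issuer missing from the trusted list. This is an added example, not part of the original page; the root CA name, the host names and the helper names `issue` and `scenarios` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for name with the parent's key; a nil parent yields a self-signed CA.
func issue(name string, serial int64, validFor time.Duration, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: time.Now().Add(validFor),
		DNSNames: []string{name}, KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil { // root CA: signs itself and is allowed to sign other certificates
		t.IsCA, t.KeyUsage, t.DNSNames, parent, signer = true, x509.KeyUsageCertSign, nil, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// scenarios validates constructed certificates and returns one result per case (nil means accepted).
func scenarios() map[string]error {
	ca, caKey := issue("Example Root CA", 1, 24*time.Hour, nil, nil)
	trusted := x509.NewCertPool() // stands in for the browser's built-in CA list
	trusted.AddCert(ca)
	good, _ := issue("shop.example", 2, 24*time.Hour, ca, caKey)
	old, _ := issue("shop.example", 3, -24*time.Hour, ca, caKey) // expired a day ago
	check := func(c *x509.Certificate, roots *x509.CertPool, host string) error {
		_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
		return err
	}
	return map[string]error{
		"valid":      check(good, trusted, "shop.example"),
		"wrong host": check(good, trusted, "pay.example"),
		"expired":    check(old, trusted, "shop.example"),
		"unknown CA": check(good, x509.NewCertPool(), "shop.example"), // issuer not in the list
	}
}

func main() { fmt.Println(scenarios()) }
```

Each non-nil result corresponds to a condition under which a browser would show the alert dialog instead of enabling the secure connection.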
