Understanding the Various Branches of Information Security

calendar Nov 3, 2025 / · 5 min read · information security cybersecurity security layers defense in depth information assurance network security physical security security management  ·
Share on: linkedin copy

Understanding the Various Branches of Information Security

Introduction

The purpose of information security is to protect a companies or organization's valuable assets as Peltier (2013) points out. Information security includes securing computer hardware and software and information or data. The information security team, using the appropriate applications assist in defending the mission of the company or organization by protecting the physical and financial resources, reputation, legal position, employees and assets. An organizations information security program is devised so that security enables the organization to move forward not slow productivity down. For information security to become highly productive in a company, the company must explore and assess the information security risks to business unit(s) operations. The business or organization must also identify what policies, standards, and controls are essential in implementing to reduce the security risks identified. Promoting awareness and understanding amongst the team members is also required. Once policies, standards, and controls are implemented information security must assess the compliance and control effectiveness of what is put and place and revise if needed as Peltier (2013) discusses. The security enabled in a business must be layered in design and the approach to security is sometimes referred to as multilayered defense or defense in depth as Solomon, Kim, & Carrell (2015) discuss. The purpose of the paper is explain why it is important to understand the various branches of security.[^6][^8]

Layers of Information Security

The concept view of information security, as described by Jacobs (2015), is a set of related branches or areas of security. All the branches are equally reliant on each other while maintaining the security of an organization. The concept view of security visualizes security as branches, layers or rings and assists in understanding why it is each layer is import along with all the others. The layers or rings include physical, personnel, network, and computer security. The security layers are not intended to be in a hierarchy between each layer of security but is intended to portray that layered methodology to security is crucial to achieving an economically worthwhile information security program as Jacobs (2015) discusses.[^6]

Physical Security Layer

Every branch or layer of security has a focus or a need to create a barrier to unwanted intruders access to organization's assets. The physical security objective is to protect and control physical access as Jacobs (2015) points out. Securing the perimeter simply means physically limiting access to the facility. Both the internal and external perimeter are protected. Examples of types of physical access required are the access to buildings or offices. A data center, where computers run, requires the physical access to be secured along with all the cables used for network communications. Physical cables need to be secured when communications span buildings or even travel to other countries.[^6]

Personnel Security Layer

Process and procedures are needed to protect personnel security as Jacobs (2015) points out. An excellent example for checking personnel security or identities occurs in businesses that do work on behalf of the government. Each employee, visitor, supplier and any others the organization interactions requires having their identities checked and verified. In some cases, foreign personnel are unable to participate in specific meetings or able to conduct business in various parts of the building due to the sensitive nature of the information handled and discussed. Security policies and procedures for the organization identifies what personnel can and cannot do including terminations or disciplinary action was taken for any wrong doing as discussed by Jacobs (2015). Regular training by the organization is required do be sure team members are up to date with regulations and required constraints that need to be followed.[^6]

Network Security Layer

The next layer is Network Security. Network security policy, procedures, and processes need to be in place to ensure no bad actors breach the internal network. Network security entails providing data transfer between network devices and making sure the transfer is secure and protected as Jacobs (2015) discusses. Network security includes networks such as Virtual Private Networks (VPNs) between the organisations sites. The VPN provides a secure connection between to places. It is also important to montioring network traffic. Tools are used to monitor and protect the network such as the use of a Firewall, Intrusion Preventions System (IPS) or even collecting Full Content Data (FCD) that allows security analysts to analyze packets on the network.[^6]

Computer Security Layer

Computer security involves the areas of computer hardware, software and granting users access to resources along with providing other administration tasks. Keeping the computer security posture up to date involves teamwork between many different groups in the organization. Computer security includes the security of devices, data, application, operations and databases as described by Jacobs (2015). Examples of computer security is applying security patches to each and every server, laptop and mobile device operating systems to protect them from the latests vulnerablities.[^6]

Conclusion

It is essential to understand all the different branches of Information Security. Each one covers a specific type of security. Information security has had different insights and views formed over the years as Jacob (2015) points out. Any viewpoint of information security, no matter which branch of information security, one needs to realize that each layer of security and the people working together on that branch of security assists in building walls or layers to protect the organizations assets(s). The protection of each branch is always evolving while following standards, procedures and processes put in place to secure assets. Continuously improving any one of standards, procedures and processes is required so new vulnerabilities cannot penetrate the branches of security going forward. By blocking bad actors with branches of security and applying continuous improvement methods the organization realizes the importance of each branch which ultimately provides robust security for the organization as a whole and reduces the risk of attack by bad actor(s) from internal and external sources. That is why it is important to understand the different branches of security.[^6]

References

Jacobs, S. (2015). Engineering information security: The application of systems engineering concepts to achieve information assurance (2nd ed.). Hoboken, NJ: Wiley.

Peltier, T. R. (2013). Information security fundamentals (2nd ed.). Boca Raton, FL: CRC Press.

Solomon, M. G., Kim, D., & Carrell, J. L. (2015). Fundamentals of communications and networking (2nd ed.). Retrieved from http://common.books24x7.com.ezproxy2.apus.edu/toc.aspx?bookid=69825

Posts in this series