What is Information Security?
What exactly is Information Security?
In short, information security is all about keeping information secure.
This statement sounds obvious, but information security is not concerned only with information technology. It is much broader, encompassing all information, whether in hard copy form (e.g. paper bank statements or letters) or electronic form (e.g. emails or financial data).
Information Security is defined as the preservation of the confidentiality, integrity and availability of information. This is commonly referred to as the ‘C.I.A Triad’.
Confidentiality
Ensuring that information is not disclosed to unauthorised individuals or systems.
This is concerned with preserving the privacy of information.
For example, a company that has some cutting edge jet engine technology would want to ensure that this valuable information remains secret.
Integrity
Ensuring that information cannot be modified by unauthorised individuals or systems.
This is concerned with preserving the accuracy of information.
For example, imagine the chaos that would ensue if someone maliciously altered the stock prices on the stock market!
Availability
Ensuring that information is available to authorised individuals or systems when required.
This is concerned with preserving the accessibility of information.
For example, a company that sells online would want to ensure their online store remains available at all times, as significant sales would likely be lost – perhaps to a competitor – if the store were to stop functioning.
Information within a business context should be seen as an asset that adds value to the business and therefore, like any valuable asset, must be protected appropriately from threats. These threats may include unauthorised access, modification, disclosure or even destruction of information. Protection from these threats helps ensure the business continues to operate, that new business opportunities can be explored and that any damage is kept to a minimum.
The same principles can be applied to your personal information, such as social security numbers, credit cards or banking information. This information is of value to you and therefore requires appropriate protection.
Good information security is usually attained by employing controls documented in policies, standards, guidelines or other best practices, and these are discussed throughout this website.