What is information security? Why should you apply it in your organization?
What is Information Security?
Information security or infosec is the protection of information assets from unauthorized access, use, disclosure, disruption, modification, and destruction. It is a form of computer security that specifically deals with the protection of data in electronic form.
Information security’s primary concern is the confidentiality, integrity, and availability of data. This covers all aspects of a computer system, including the physical security of the hardware, operating systems, and software used, as well as procedural and personnel security.
Moreover, infosec includes steps to protect a computer system and the information stored on such a system from unauthorized access or release. These measures include policies, procedures, guidelines, and technologies, all of which protect information assets from unauthorized access or use.
Is Information Security the Same as Information Assurance?
The term “information security” is often used interchangeably with “information assurance”, which is an infosec goal. However, it pertains to the protection of traditional (non-electronic) information assets. In addition, traditional infosec has evolved to incorporate non-technical (i.e., human) elements to ensure that human interactions with technology remain secure.
For example, a company may have an electronic database containing sensitive customer information that is accessible online by customers and employees alike. The company may also have implemented a policy requiring that users of this database enter their passwords whenever they access the database to ensure that only those authorized to view this data can do so.
Thus, electronic databases are not immune to misuse even when strong technological controls are provided, so additional controls (such as password policies) must be implemented to ensure the confidentiality of the data even if the database is breached.
So, companies often refer to these two types of control together in the overall context of “information security” as “technical controls” (e.g., firewalls, encryption) and “non-technical controls” (e.g., physical security policies).
Information Security Management System (ISMS) Definition:
An Information Security Management System (ISMS) is “a management system for ensuring that an organization meets its objectives for information security”.
This involves taking into account risks before implementing measures to mitigate them; managing compliance; reporting on programs; training personnel; and maintaining documentation.
An ISMS also guides how infosec is managed within an organization, based on internationally recognized standards such as ISO 27001.
Why is Information Security Important?
As the above shows, infosec is important because data is an organization’s most valuable asset.
So, it is necessary to protect the data. Moreover, data can be stolen by hackers or other unauthorized persons and then used in negative ways.
For example, a criminal may use sensitive customer data to commit identity theft.
Examples of infosec threats include:
- Computer virus and worm attacks
- Denial-of-service attacks
There are also physical threats, such as theft of hardware and software from the organization’s premises.
Conclusion: Information Security Importance
Infosec is the protection of data assets from unauthorized access, use, disclosure, disruption, modification, and destruction. The primary concern of infosec is the confidentiality, integrity, and availability of data.
Moreover, information security includes steps to protect a computer system and the information stored on such a system from unauthorized access or use. These measures include policies, procedures, guidelines, and technologies, all of which protect information assets from unauthorized access or use.