What is Information Security?
Information security (IS) refers to the processes and methodologies which are designed and implemented to protect the confidentiality, integrity and availability of computer system data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
Confidentiality, integrity and availability are collectively referred to as the CIA Triad of information security.
Confidentiality- Information should not be made available or disclosed to unauthorized individuals, entities, or processes.
Integrity- Maintaining and assuring the accuracy and completeness of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner.
Availability- Information must be available when it is needed.
Why do you need Information Security?
You need to ensure the security of your information assets because there are threats and risks associated with them.
Risk- The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
Threat- An object, person, or other entity that represents a constant danger to an asset.
Vulnerability- Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
RISK = THREAT x VULNERABILITY
“The consequences of a failure to protect the information include business losses, legal liability, and loss of company goodwill.”
Where does Information Security apply?
Information security applies to every person with access to the Internet.
Who is responsible for Information Security?
Security is everyone’s responsibility. Each and every employee within a company must have basic security awareness, with the knowledge to refrain from clicking on suspicious links or opening file attachments from unknown sources. Employees should know better than to send sensitive or confidential material unencrypted across the public Internet, or to log on to company network resources over a public Wi-Fi hotspot. Employees should also be familiar with the security policies of the company and the standard security measures that are in place on the company network and endpoints.
When is the right time to address Information Security?
The answer is simple –