15 Facts About Information security

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks.

Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity.

Various definitions of information security are suggested below, summarized from different sources:.

At the core of information security is information assurance, the act of maintaining the confidentiality, integrity, and availability of information, ensuring that information is not compromised in any way when critical issues arise.

Field of information security has grown and evolved significantly in recent years.

Related searches

From a business perspective, information security must be balanced against cost; the Gordon-Loeb Model provides a mathematical economic approach for addressing this concern.

Individual, information security has a significant effect on privacy, which is viewed very differently in various cultures.

In 1973, important elements of ARPANET Information security were found by internet pioneer Robert Metcalfe to have many flaws such as the: "vulnerability of password structure and formats; lack of safety procedures for dial-up connections; and nonexistent user identification and authorizations", aside from the lack of controls and safeguards to keep data safe from unauthorized access.

Information security must protect information throughout its lifespan, from the initial creation of the information on through to the final disposal of the information.

The classification of a particular information asset that has been assigned should be reviewed periodically to ensure the classification is still appropriate for the information and to ensure the security controls required by the classification are in place and are followed in their right procedures.

Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption.

Information security that has been encrypted can be transformed back into its original usable form by an authorized user who possesses the cryptographic key, through the process of decryption.

Cryptography is used in information security to protect information from unauthorized or accidental disclosure while the information is in transit and while information is in storage.

Institute of Information Security Professionals is an independent, non-profit body governed by its members, with the principal objective of advancing the professionalism of information security practitioners and thereby the professionalism of the industry as a whole.

European Telecommunications Standards Institute standardized a catalog of information security indicators, headed by the Industrial Specification Group ISI.