What is Information Security?
Information Security refers to all aspects of protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction. The aim is to provide confidentiality, integrity, and availability of information systems and the information within.
• Confidentiality: only authorised persons are allowed to know or gain access to the information stored or processed by Information Systems in any aspect;
• Integrity: only authorised persons are allowed to make changes to the information stored or processed by Information Systems in any aspect;
• Availability: Information Systems should be available to users at any given or specified period of time.
The four basic Information Security services are:
• Data Integrity: Detecting if information has been altered by unauthorised or unknown means.
• Secrecy (Confidentiality): Keeping information secret from all but those who are authorised to see it.
• Authentication: Corroboration of the identity of an entity (for example, a person, computer terminal or smart card).
• Non-repudiation: Preventing the denial of previous commitments or actions.
Information security services are currently provided by a combination of physical protection, secret or inherent information, authentic channels and protocols based on cryptographic primitives such as encryption. As our day-to-day personal communications and business interactions are increasingly being conducted by electronic means over the Internet, and Web Services-based applications are increasingly becoming available, these four security properties of information are rapidly growing in importance as we seek to protect the privacy of our personal
Information Security refers to all aspects of protection for information. Most often, these aspects are classified in five categories: confidentiality, integrity, availability, non-repudiation and authentication of information. Confidentiality refers to the protection of information from being disclosed to unauthorised parties, while integrity refers to the protection of information from being changed by unauthorised parties. Availability refers to the information being available to authorised parties when requested. Non-repudiation refers to the provision of proof of origin such that the sender cannot deny sending the message, and the recipient cannot deny receipt of the message. Authentication refers to a process or method to identify and to prove the identity of a user or party who attempts to send a message or access data.
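The example below is added here and is not part of the original page. It shows how the integrity, authentication and non-repudiation definitions above differ in practice: an unkeyed digest does not detect deliberate alteration, a shared-key HMAC does, and yet the HMAC gives no non-repudiation because the recipient holds the same key. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Unkeyed SHA-256 checksum: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def accepts_digest(message: bytes, check: str) -> bool:
    """Recipient-side check of an unkeyed digest."""
    return hmac.compare_digest(digest(message), check)


def accepts_tag(key: bytes, message: bytes, check: str) -> bool:
    """Recipient-side check of a keyed tag, compared in constant time."""
    return hmac.compare_digest(tag(key, message), check)


def run_demo() -> dict:
    key = secrets.token_bytes(32)              # shared by sender and recipient
    sent = b"transfer 100 to account 1234"     # constructed sample message
    altered = b"transfer 900 to account 1234"  # changed by an unauthorised party
    never_sent = b"transfer 5000 to account 9999"

    return {
        # Integrity fails: the party altering the message recomputes the digest.
        "unkeyed_digest_accepts_altered": accepts_digest(altered, digest(altered)),
        # Integrity holds: without the key only the original tag can be forwarded.
        "hmac_accepts_altered": accepts_tag(key, altered, tag(key, sent)),
        # Authentication: a valid tag shows the message came from a key holder.
        "hmac_accepts_original": accepts_tag(key, sent, tag(key, sent)),
        # No non-repudiation: the recipient can tag a message the sender never
        # wrote, so a valid tag does not prove to a third party who produced it.
        "recipient_can_forge_valid_tag": accepts_tag(key, never_sent, tag(key, never_sent)),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Non-repudiation needs evidence that only the sender could have produced, which is why it is normally built on digital signatures made with a private key rather than on a shared secret.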
Information Security is a broader term than IT Security, Internet Security or Enterprise Data Security. Information Security encompasses data stored in digital (electronic) format, trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance and standards established within the organization, plans and budgets, financial and management data, brochures, images, logos and designs, employee information and so on. Information Security includes the organization’s policy on IT Security, Internet Security, Enterprise Data Security, etc. In other words, it looks at protecting and safeguarding information and information systems from anyone, including employees, consultants, suppliers, customers and, of course, malicious hackers. However, people often confuse information security with IT Security. IT Security is a term which is more concerned with the protection of hardware, software an
Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to information stored in computer databases has increased greatly. More companies store business and individual information on computers than ever before. Much of the information stored is highly confidential and not for public viewing. Many businesses are solely based on information stored in computers. Personal staff details, client lists, salaries, bank account details, marketing and sales information may all be stored in a database. Without this information, it would often be very hard for a business to operate. Information security systems need to be implemented to protect this information. Effective information security systems incorporate a range of policies, security products, technologies and procedures. Firewall software and virus scanners are not enough on their own to protect information. A set of procedure