Information Security
Information security is, broadly, the practice of securing your data, no matter its form. It applies just as much to protecting a filing cabinet of important documents as to protecting your organization’s database.
Information security can be defined as:
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
- Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
- Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
- Availability, which means ensuring timely and reliable access to and use of information.
Examples of information security controls:
Procedural controls
These controls prevent, detect, or minimize security risks to physical assets such as computer systems, data centers, and even filing cabinets. They can include security awareness education, security frameworks, compliance training, and incident response plans and procedures.
Access controls
These controls dictate who is allowed to access and use company information and the company network. They restrict both physical access (for example, to building entrances) and logical access (for example, through privileged access authorization).
Technical controls
These controls involve using multi-factor user authentication at login, firewalls, and antivirus software.
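To make "privileged access authorization" and "multi-factor user authentication at login" concrete, here is an added Python example; it is not code from the original page. It combines a deny-by-default role check with an RFC 6238 time-based one-time password (TOTP) that is required only for privileged actions, and it returns a reason with every decision so the outcome can be audited. The role table, permission names and user records are constructed for illustration; the TOTP secret `12345678901234567890` is the RFC 6238 Appendix B SHA-1 test-vector key, so the code at time 59 can be checked against the published value.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

# Constructed policy for illustration: role -> set of permissions (deny by default).
ROLE_PERMISSIONS = {
    "reader": {"document:read"},
    "editor": {"document:read", "document:write"},
    "admin": {"document:read", "document:write", "user:manage"},
}

# Actions treated as privileged: the caller must also present a valid second factor.
PRIVILEGED_ACTIONS = {"document:write", "user:manage"}

TIME_STEP = 30  # seconds per TOTP counter step (RFC 6238 default)


def totp(secret: bytes, for_time: float, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password over HMAC-SHA1.

    The counter is the number of TIME_STEP intervals since the Unix epoch;
    the code is the RFC 4226 dynamic truncation of the HMAC, reduced to
    `digits` decimal digits and zero-padded.
    """
    counter = int(for_time) // TIME_STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, now: float, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side
    (tolerates small clock drift). The comparison is constant-time."""
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * TIME_STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def authorize(user: dict, action: str, otp: Optional[str] = None,
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Decide whether `user` may perform `action`.

    1. Role check: unknown roles and unlisted actions are denied (deny by default).
    2. Privileged actions additionally require a valid TOTP code.
    Returns (decision, reason) so the reason can be written to an audit log.
    """
    now = time.time() if now is None else now
    allowed = ROLE_PERMISSIONS.get(user.get("role"), set())
    if action not in allowed:
        return False, f"denied: role {user.get('role')!r} lacks {action}"
    if action in PRIVILEGED_ACTIONS:
        secret = user.get("totp_secret")
        if not secret or otp is None or not verify_totp(secret, otp, now):
            return False, f"denied: {action} requires a valid second factor"
    return True, f"allowed: {action}"


# Constructed sample users; the secret is the RFC 6238 Appendix B SHA-1 test key.
RFC6238_SECRET = b"12345678901234567890"
USERS = {
    "alice": {"role": "reader", "totp_secret": RFC6238_SECRET},
    "bob": {"role": "editor", "totp_secret": RFC6238_SECRET},
}


if __name__ == "__main__":
    t = 59  # RFC 6238 test time; the 6-digit code is the tail of the published 94287082
    print("TOTP at t=59:", totp(RFC6238_SECRET, t))
    print(authorize(USERS["alice"], "document:write", now=t))   # role lacks permission
    print(authorize(USERS["bob"], "document:write", now=t))     # no second factor
    print(authorize(USERS["bob"], "document:write", otp=totp(RFC6238_SECRET, t), now=t))
```

The two checks are deliberately ordered so that an unprivileged caller is refused before any second-factor processing happens, and every refusal carries a reason string that a real deployment would write to its audit log rather than return to the caller verbatim.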
Compliance controls
These controls deal with privacy laws and cybersecurity standards designed to minimize security threats. They require an information security risk assessment and enforce information security requirements.