Information Security

The protection of information and information systems against unauthorized access or modification of information, whether in storage, processing, or transit, and against denial of service to authorized users. Information security includes those measures necessary to detect, document, and counter such threats. Information security is composed of computer security and communications security. Also called INFOSEC. See also communications security; computer security; information security; information system.

In its most basic defintion, information security means protecting information and information systems from unauthorized access, use, disruption, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably.

Institutions of all sizes collect and store huge volumes of confidential information. The information may be about employees, customers, research, products or financial operations. Most of this information is collected, processed and stored on computers and transmitted across networks to other computers. If this information fell into the wrong hands, it could lead to lost business, law suits, identity theft or even bankruptcy of the business.

Information security has evolved significantly and grown even more important in recent years. From a craeer perspective, there are even more areas where a professional can work in the field. Some of the specialty areas within Information Security include network security, application and database security, security testing, information systems auditing, business continuity planning and digital forensics science, among others.

Confidentiality:-

Confidentiality has been defined by the International Organization for Standardization (ISO) in ISO-17799 as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.

Confidentiality also refers to an ethical principle associated with several professions (e.g., medicine, law, religion, professional psychology, and journalism). In ethics, and (in some places) in law and alternative forms of legal dispute resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to third parties. In those jurisdictions in which the law makes provision for such confidentiality, there are usually penalties for its violation.

Confidentiality of information, enforced in an adaptation of the military's classic "need-to-know" principle, forms the cornerstone of information security in today's corporates. The so called 'confidentiality bubble' restricts information flows, with both positive and negative consequences.^[1]

Share this

Md Iskandar