Information security

Information security is the practice of protecting information by mitigating information risks. It is part of information risk management.[1] It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge).[2][3] Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the 'CIA' triad)[4] while maintaining a focus on efficient policy implementation, all without hampering organization productivity.[5] This is largely achieved through a structured risk management process.[6]

To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth.[7] This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed.[8]

While paper-based business operations are still prevalent, requiring their own set of information security practices, enterprise digital initiatives are increasingly being emphasized,[9][10] with information assurance now typically being dealt with by information technology (IT) security specialists. These specialists apply information security to technology (most often some form of computer system).

IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses.[11] They are responsible for keeping all of the technology within the company secure from malicious attacks that often attempt to acquire critical private information or gain control of the internal systems.[12][13]

There are many specialist roles in Information Security including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, electronic record discovery, and digital forensics.[14]

  1. ^ Joshi, Chanchala; Singh, Umesh Kumar (August 2017). "Information security risks management framework – A step towards mitigating security risks in university network". Journal of Information Security and Applications. 35: 128–137. doi:10.1016/j.jisa.2017.06.006. ISSN 2214-2126.
  2. ^ Daniel, Kent; Titman, Sheridan (August 2006). "Market Reactions to Tangible and Intangible Information". The Journal of Finance. 61 (4): 1605–1643. doi:10.1111/j.1540-6261.2006.00884.x. SSRN 414701.
  3. ^ Fink, Kerstin (2004). Knowledge Potential Measurement and Uncertainty. Deutscher Universitätsverlag. ISBN 978-3-322-81240-7. OCLC 851734708.
  4. ^ Samonas, S.; Coss, D. (2014). "The CIA Strikes Back: Redefining Confidentiality, Integrity and Availability in Security". Journal of Information System Security. 10 (3): 21–45. Archived from the original on September 22, 2018. Retrieved January 25, 2018.
  5. ^ Keyser, Tobias (April 19, 2018), "Security policy", The Information Governance Toolkit, CRC Press, pp. 57–62, doi:10.1201/9781315385488-13, ISBN 978-1-315-38548-8, retrieved May 28, 2021
  6. ^ Danzig, Richard; National Defense University Washington DC Inst for National Strategic Studies (1995). "The big three: Our greatest security risks and how to address them". DTIC ADA421883.
  7. ^ Lyu, M.R.; Lau, L.K.Y. (2000). "Firewall security: Policies, testing and performance evaluation". Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000. IEEE Comput. Soc. pp. 116–121. doi:10.1109/cmpsac.2000.884700. ISBN 0-7695-0792-1. S2CID 11202223.
  8. ^ "How the Lack of Data Standardization Impedes Data-Driven Healthcare", Data-Driven Healthcare, Hoboken, NJ, US: John Wiley & Sons, Inc., p. 29, October 17, 2015, doi:10.1002/9781119205012.ch3, ISBN 978-1-119-20501-2, retrieved May 28, 2021
  9. ^ "Gartner Says Digital Disruptors Are Impacting All Industries; Digital KPIs Are Crucial to Measuring Success". Gartner. October 2, 2017. Retrieved January 25, 2018.
  10. ^ "Gartner Survey Shows 42 Percent of CEOs Have Begun Digital Business Transformation". Gartner. April 24, 2017. Retrieved January 25, 2018.
  11. ^ Fetzer, James; Highfill, Tina; Hossiso, Kassu; Howells, Thomas; Strassner, Erich; Young, Jeffrey (November 2018). "Accounting for Firm Heterogeneity within U.S. Industries: Extended Supply-Use Tables and Trade in Value Added using Enterprise and Establishment Level Data". Working Paper Series. National Bureau of Economic Research. doi:10.3386/w25249. S2CID 169324096.
  12. ^ "Secure estimation subject to cyber stochastic attacks", Cloud Control Systems, Emerging Methodologies and Applications in Modelling, Elsevier: 373–404, 2020, doi:10.1016/b978-0-12-818701-2.00021-4, ISBN 978-0-12-818701-2, S2CID 240746156, retrieved May 28, 2021
  13. ^ Nijmeijer, H. (2003). Synchronization of mechanical systems. World Scientific. ISBN 978-981-279-497-0. OCLC 262846185.
  14. ^ "9 Types of Cybersecurity Specializations".