Information Security

Information security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. This book offers an introduction to the fundamentals of information security.

---

Information is an asset to all individuals and businesses. The value of an organization lies within its information - its security is critical for business operations, as well as retaining credibility and earning the trust of clients. Information security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. Information security responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage. Information security has become very important in most organizations. The main reason for this is that access to information and the associated resources has become easier because of the developments in distributed processing, for example the Internet and electronic commerce. The result is that organizations need to ensure that their information is properly protected and that they maintain a high level of information security. In many cases, organizations demand some proof of adequate information security from business partners before electronic commerce can commence. Organizations employ a dedicated security group to implement and maintain the organization’s information security program. The security group is generally responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied. When information is not adequately protected, it may be compromised and this is known as an information or security breach. The consequences of an information breach are severe. For businesses, a breach usually entails huge financial penalties, expensive law suits, loss of reputation and business. For individuals, a breach can lead to identity theft and damage to financial history or credit rating. Recovering from information breaches can take years and the costs are huge. Threats to sensitive and private information come in many different forms, such as malware and phishing attacks, identity theft and ransomware. To prevent attackers and mitigate vulnerabilities at various points, multiple security controls are implemented and coordinated as part of a layered defense in depth strategy. This should minimize the impact of an attack. To be prepared for a security breach, security groups should have an incident response plan (IRP) in place. This should allow them to contain and limit the damage, remove the cause and apply updated defense controls.