23 Feb What do we mean by Information Security?
When I started writing up this blog, I sub-consciously had a certain audience in mind. The first few articles have required a level of understanding of information security, a shared knowledge of key terms and topics on the subject. Someone pointed this out to me, as a “limitation” (for lack of better words) towards reaching readers that are actually interested in this subject but have not worked in the field i.e. most of the world’s population 🙂 .
Information security decisions are ones made by each and every one of us on a daily basis. Every time we interact with the digital space, we are sharing our information, our data. Every time we use our phone, our laptop, browse our favourite social media feed or purchase something online to be delivered “in the next 3 days”. Most of the time unknowingly, we are trusting companies with our information, trusting that they will secure our privacy.
This is why having a basic level understanding of what information security means in our everyday lives, is valid to everyone with an online presence. Along with a number of other topics, I will also be writing short articles about the basics of information security, and how we can equip ourselves with the knowledge needed to protect ourselves and our data from being exploited.
The term information security, at its very basis refers to
“The protection of the Confidentiality; Integrity or Availability of information. Often referred to as the CIA Triad.”
Information can include our
- personal details – name, surname; age, address –
- financial information – credit card number; sales numbers; profit margins; value of stock
- photos – videos
- our google searches
- our amazon shopping history
- our facebook posts and uploads
Information security mechanisms, or more often referred to as controls, seek to protect that any information from being
- leaked to unauthorised individuals i.e. protects confidentiality
- amended by unauthorised individuals to reflect an incorrect truth i.e. integrity
- destroyed with malicious intent i.e. availability
C: As an individual you would not want your credit card details leaked to strangers, leaving you at risk of theft.
I: As an individual you would not want the incorrect meter reading information sent to your government, requiring you to pay extravagant fees that you didn’t actually incur.
A: As an individual you would not want your family photos destroyed, losing all your captured memories.
As an individual, you take or need to take precautions to protect your information on a daily basis. To organisations, this information is their most critical asset. In an era where information is now seen as more important than oil, businesses depend on their information to be secure. They trust information security professionals to put in the required controls to protect their information assets’ confidentiality, integrity and availability.
In this post we covered:
- What is information security
- What is information
- Why do we need to protect it
In the next post, I will write more about information security controls. What precautions can you take as an individual to protect your information? What does it mean for an organisation, when we refer to an information security controls framework?