What is Information Security?
Information Security is simply the process of keeping information secure: protecting its availability, integrity, and privacy.
Information has been valuable since the dawn of mankind: e.g. where to find food, how to build shelter, etc. As access to computer stored data has increased, Information Security has become correspondingly important. In the past, most corporate assets were “hard” or physical: factories, buildings, land, raw materials, etc. Today far more assets are computer-stored information such as customer lists, proprietary formulas, marketing and sales information, and financial data. Some financial assets only exist as bits stored in various computers. Many businesses are solely based on information – the data IS the business.
Information Security is a Process:
Information Security is a process. An information systems Security Policy is a well-defined and documented set of guidelines that describes how an organization manages, protects its information assets and makes future decisions about its information systems security infrastructure. Security Procedures document precisely how to accomplish a specific task. For example, a Policy may specify that antivirus software is updated on a daily basis, and a Procedure will state exactly how this is to be done – a list of steps.
Security is Everyone’s Responsibility:
End user awareness is critical, as hackers often directly target them. Users should be familiar with Security Policies and should know where the most recent copies can be obtained. Users must know what is expected and required of them. Typically this information should be imparted to users initially as part of the new hire process and refreshed as needed.
Information Security involves a Tradeoff between Security and
Remember, IT - and Information Security are business support functions:
Unless a companies business is IT, IT is (one of many) business support functions. Many IT professionals lose perspective - we do not!
© Copyright 2002-2013, Demopoulos Associates