What is INFORMATION SECURITY ?
– BY MARIYAM CHOWDHARY
Information Security is not all about securing information from unauthorized access. Information Security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information. Information can be physical or electrical. Information can be anything like Your details or we can say your profile on social media, your data in mobile phone, your biometrics, etc. Thus, Information Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social Media, etc.
Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability.
- Confidentiality – means information is not disclosed to unauthorized individuals, entities, and processes. For example, if we say I have a password for my Gmail account but someone saw while I was doing a login into the Gmail account. In that case, my password has been compromised and Confidentiality has been breached.
- Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way. For example, if an employee leaves an organization then in that case data for that employee in all departments like accounts, should be updated to reflect status to JOB LEFT so that data is complete and accurate and in addition to this only authorized person should be allowed to edit employee data.
- Availability – means information must be available when needed. For example, if one needs to access information of a particular employee to check whether the employee has outstood the number of leaves, in that case, it requires collaboration from different organizational teams like network operations, development operations, incident response, and policy/change management.
- Denial of service attack is one of the factors that can hamper the availability of information.
The need for Information Security
Information system means to consider available countermeasures or controls stimulated through uncovered vulnerabilities and identify an area where more work is needed. The purpose of data security management is to make sure business continuity and scale back business injury by preventing and minimizing the impact of security incidents. The basic principle of Information Security is:
The need for Information security:
- Protecting the functionality of the organization: The decision-maker in organizations must set policy and operates their organization in compliance with the complex, shifting legislation, efficient and capable applications.
- Enabling the safe operation of applications: The organization is under immense pressure to acquire and operates integrated, efficient, and capable applications. The modern organization needs to create an environment that safeguards application using the organizations IT systems, particularly those application that serves as important elements of the infrastructure of the organization.
- Protecting the data that the organization collect and use: Data in the organization can be in two forms that are either in rest or in motion, the motion of data signifies that data is currently used or processed by the system. The values of the data motivated the attackers to seal or corrupts the data. This is essential for the integrity and the values of the organization’s data. Information security ensures the protection of both data in motion as well as data in rest.
- Safeguarding technology assets in organizations: The organization must add intrastate services based on the size and scope of the organization. Organizational growth could lead to the need for public key infrastructure, PKI an integrated system of the software, encryption methodologies. The information security mechanism used by the large organization is complex in comparison to a small organization. The small organization generally prefers symmetric key encryption of data.
11 thoughts on “What is INFORMATION SECURITY ?”
thanks for this article from this article i have clear my doubts on information security. and to be very honest i dont know about CIA but this article helps my to understand it.
Very informative articles showcasing the need of information security and various fields where it is required and yes its true that information security is must and it can be physical or electric and it is formed on 3 basic pillars i.e confidentially,integrity,availability and it is basically means to identify the work areas and consider available countermeasures.
The article accurately sheds light on the basic fundamentals needed for the smooth functioning of information security programmes and also how efficiently it slides into the need for safeguarding the data that an organization collects to how the technological assets can be protected with the help of various techniques.
Very informative articles showcasing the need of information security and various fields where it is required
Very informative articles showcasing the need of information security and various fields where it is required.
I like the article but I wished to read more some more about the other objective but the thighs written are really informative and fresh.
Awareness of CIA and information security is essential for the people as nowadays all the data is saved in the electronic forms in all the forms and companies and its misuse can do severe damage to one. Thanks for the article which made it simple to understand.
Information security awareness is very important practice nowadays and you have explained it in a very good manner. Amazing write up..!! It’s too informative.
Very informative article it has cleared all my doubts and is very enticing. Good work
very knowledgeable article .nowdays usurpation of electronic material lead to huge losses awareness about information security .also cryptography which eneables us to encrypt or decrypt data transmit it securely across internet sting cryptography saves ones from cryptoanalysis.main object of cryptography is information security which boosts confidentiality,data integrity,non repudiation.
Information security is talk of the days with increasing numbers of cyber attacks and crime in the country there is a requirement of taking these things very seriously. Hackers in years have become more notorious, violent and active then they were back then. Bot only government but even all of us have to be careful about such things or we will be one of those victims. Technology can be used against these hackers by using blockchain, encrypted firewalls, clod based storage systems, classified data and data organization.