Home > Publications > Non-Technical > What is Information Security?

What is Information Security?


Information security is the protection of information and systems from unauthorized access, use, disclosure, disruptions, modifications or destruction.  Confidentiality, integrity and availability ensure that the information is protected from disclosure, has not been modified, and is available when requested. The purpose of Information Security is to protect information from unauthorized use and to manage the accidental disclosing of information from unauthorized use. 

To prevent information security disclosure, the following guidelines are used: avoid providing information that cannot be normally found in public, be aware of shoulder surfers, don’t fall victim to online scams, and secure important documents in a locked location.  Never assume information is secure. The three facets are important to information security because it is the first step companies must take before setting up their own individual security policies.

Confidentially, integrity, and availability are three facets that formulate the protection of information from unauthorized use and provides guidelines on how to manage internal users. Confidentially prevents the disclosure of information to unauthorized individuals or computer systems by ensuring that the information has a specific security classification (classified, needs encryption, etc.). For example: providing information to an unauthorized user in a conversation is a breach of confidentially. 

Integrity protects information from being modified.  This can be done maliciously, in a way that would be illegal, or cause harm to individuals and computer systems.  An example of this would be a worm that infects and deletes or modifies files, thus voiding the integrity of the information.

Availability is the process of ensuring that the transportation method of the communication is always working and functioning properly. For example: if a backup system fails, the availability to get to the information is decreased or stopped, directly affecting how business is conducted.  This could result in lost revenue or worse, a damaged reputation.

Information security procedures are needed to protect a company’s information from illegitimate use, and unauthorized access.  Security policies are part of the information security process that is used to manage internal users and prevent abuse in how systems are accessed within a business environment.  Some methods for protecting information from unauthorized use include: encrypting the information, using two or second-factor authentication to restrict access, limiting the number of users who have access to the information, etc.  Information security policies enforce internal users to adhere a company’s security guidelines and best practices. 

Some tips for users to ensure they are not breaching information security policies are: be aware of people trying to “shoulder surf”, don’t click on or go to unknown websites, report wandering or unknown persons to the proper security office, and always ensure the information that is being worked with is secured in the best manner possible.  Since information resides everywhere the security of that information should always be taken into consideration.