What is InfoSec?
An explanation for real people
The term "Information Security" (InfoSec) is generally accepted to mean "protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction" in order to provide;
- Confidentiality: preserving authorised restrictions on access and disclosure, and means for protecting personal privacy and proprietary information. i.e.: only those that need access, have access.
- Integrity: guarding against improper information modification or destruction, and ensuring information nonrepudiation and authenticity. i.e.: the data is correct.
- Availability: ensuring timely and reliable access to, and use of, information. i.e.: you can find your data when you need it.
It can be helpful to think of Information Security as Health and Safety guidance and compliance for your business data and information. Just like health and safety, some of it is common sense, some of it is advisable, and some of it is governed by legislation. You have to comply with the legislation, but the rest of it is up to you, depending on how you view the risk, the likelihood of something happening, and the resultant consequences should something happen. Just like health and safety, there is no one size fits all solution to becoming secure. It's not just about technology either, in fact, most of it is about management, evaluating risks, and changing working practices to be more safe. Sometimes you'll need hard hats and harnesses, but often it's about making sure the floor is clean, and you're using a ladder instead of a chair!