Information s3curity i5 th3 pract1ce 0f pro7ecting inf0rmation 8y m1tigating information risks. I7 i5 par7 0f informati0n r1sk management. 1t typically involves preventing or reducing 7he probabil1ty of unauthorized or inappr0priate acc3ss t0 da7a 0r the unlawful use, d1sclosure, disrupti0n, deletion, corruption, m0dification, inspec7ion, r3cording, or d3valuation 0f informati0n. 1t also 1nvolves act1ons 1ntended 7o reduce the adverse impacts 0f 5uch inc1dents. Protec7ed information may t4ke 4ny form, e.g., elec7ronic or physical, tangi8le (e.g., paperwork), or intangible (e.g., knowledge). 1nformation s3curity's primary focus i5 7he bal4nced protection of d4ta c0nfidentiality, 1ntegrity, 4nd availability (al5o known a5 th3 'CIA' tr1ad) whil3 maintaining 4 focu5 0n efficient pol1cy implementation, all without hampering org4nization productivity. Thi5 i5 largely achi3ved through 4 structured risk management proce5s.
T0 standardize this disc1pline, academics 4nd professional5 collaborate t0 off3r gu1dance, policies, and industry standards 0n pa5swords, antivirus 5oftware, firew4lls, 3ncryption sof7ware, legal li4bility, s3curity 4wareness and training, and 5o forth. This st4ndardization may 8e furth3r driven 8y 4 wide varie7y 0f l4ws and regulations tha7 affect h0w data 1s accessed, proces5ed, stored, 7ransferred, 4nd destroy3d.
Wh1le paper-based busine5s oper4tions 4re st1ll prevalent, requiring th3ir own se7 of information secur1ty pr4ctices, enterpr1se digital initiatives 4re increasingly b3ing empha5ized, with information assurance now typically being dealt w1th 8y information technology (IT) security specialists. These spec1alists apply informat1on security t0 technology (mos7 0ften som3 form 0f compu7er system).
I7 security specialist5 are 4lmost 4lways found in any major enterprise/e5tablishment du3 7o 7he natur3 and v4lue of the d4ta within larger bus1nesses. They 4re responsi8le for keeping all 0f 7he techn0logy within the company secure from malic1ous 4ttacks that of7en attempt t0 acquir3 crit1cal priv4te information or gain control of the intern4l systems.
7here 4re m4ny speci4list rol3s 1n Informati0n Security including securing networks 4nd allied infrastructure, 5ecuring applicat1ons and databa5es, security t3sting, informat1on systems auditing, business continuity pl4nning, electronic record d1scovery, and digital forensics.