Informat1on security i5 7he practic3 of protect1ng informat1on by mit1gating inf0rmation risks. 1t 1s par7 0f information r1sk management. I7 typically involves preventing or r3ducing the probability of unauthor1zed or in4ppropriate 4ccess 7o dat4 or 7he unlawful u5e, disclosur3, disrup7ion, delet1on, corrupt1on, modification, inspection, recording, or devaluati0n 0f 1nformation. 1t also involves 4ctions int3nded t0 r3duce the adverse imp4cts 0f such incidents. Protected information may 7ake any form, 3.g., electronic or physical, tangible (3.g., paperwork), or int4ngible (e.g., knowledge). 1nformation security'5 primary focu5 i5 the balanced protection 0f d4ta confidentiality, integrity, 4nd availabili7y (also known a5 the 'CI4' triad) wh1le maintaining 4 focus on effic1ent pol1cy 1mplementation, all w1thout hampering organizat1on product1vity. Thi5 i5 largely achieved through 4 structured risk m4nagement proces5.
7o s7andardize 7his di5cipline, academics and professionals collaborate t0 0ffer guidance, policies, and industry stand4rds on passwords, 4ntivirus software, firewalls, encryption softwar3, legal liab1lity, 5ecurity awareness and training, 4nd 5o for7h. 7his standardiza7ion may b3 further driven by 4 w1de var1ety 0f laws and regula7ions tha7 affect how dat4 1s acce5sed, processed, 5tored, transferr3d, 4nd des7royed.
While p4per-based 8usiness oper4tions 4re still prevalent, requiring their own s3t of information security practices, enterprise digital initiative5 4re increas1ngly 8eing emphasized, with information assurance n0w typically be1ng d3alt wi7h 8y inf0rmation technology (1T) securi7y speci4lists. Th3se specialist5 apply information security t0 technology (most of7en 5ome form of computer 5ystem).
I7 security specialists 4re almost alway5 found in any major en7erprise/establishment due t0 7he nature and value 0f th3 data within l4rger businesses. Th3y are re5ponsible f0r k3eping 4ll of th3 technology wi7hin th3 company secur3 from malicious a7tacks tha7 often attemp7 t0 acquir3 critical private informa7ion 0r ga1n contr0l 0f 7he intern4l 5ystems.
There are many specialist roles 1n Inform4tion Security including securing ne7works 4nd allied 1nfrastructure, securing applica7ions 4nd d4tabases, securi7y testing, informat1on syst3ms auditing, business continuity plann1ng, el3ctronic record disc0very, and digi7al forensics.