Information Security

Information Security is the process of protecting information from unintended access by others. The methodologies for protecting information varies based on the type of information being protected, to whom the information currently belongs, and how the information could potentially be utilized by others.

Concern with the security of information has become more concentrated with the advent of electronic information storage mechanisms, and subsequently with the spread of information in an online environment. These mediums of information transportation have both helped and hindered the process of data protection. For instance, by allowing information to be encrypted and decrypted in a complex manner, data can be protected in a more robust way compared to solely human interaction. Conversely, the ease with which information can be copied and disseminated without expressed consent of the information-holder can cause it to be used in nefarious ways.

Information is linked explicitly with privacy in the case of an individual. Without protecting an individual's private information, they can be subject to identity theft. It is thus a moral and often legal obligation that companies provide security to the information of their clients.

Protecting bits and bytes can have as much of a real-world impact as protecting physical objects.

Conceptual Overview

Protecting private information is important to ensure that information is both reliable and confidential. When information is not protected in most formats, it can be tampered with causing inaccuracies or discrepancies. If the information is valuable and is not protected, it can be distributed to parties that could cause harm to it in some way. The CIA Model of Information Security (Confidentiality-Integrity-Availability) is a fundamental way of describing the steps necessary for protecting information.

The CIA Model of Information Security consists of three components for correctly protecting information.

Information Confidentiality

The process of ensuring that information is available only to those who are authorized to view it. Disclosure of parts or the entirety of sensitive information can harm those to whom the information belongs, as well as the inherent value of the information.

Information Integrity

Also called information reliability, it is of the utmost importance that information is accurate, up-to-date, and complete for those who use it. Protecting information against unwanted modification or destruction is a significant part of securing information.

Information Availability

Proving access to protected information in both a timely, reliable manner helps those who are monitoring it discover issues or changes in the information itself.