Information Security

Information security is the process in which confidentiality and integrity of information and data held within a computer system and network, regardless of whether the data is electronic, paper, or any other source. It is the protection of information as well as information systems from any unauthorized use, access, disclosure, modification, disruption, or destruction.

Many businesses small and large, private and public, including hospitals, banks, corporations, and government or military will have a vast amount of confidential information stored about employees, company research, financial status, and details as well as personal and private details about their customers. The majority of this information is correlated, processed and ultimately stored on electronic computers and then transmitted across networks to be forwarded to other computers. Information security is critical to prevent any of this information being lost or falling into the wrong hands.

A breach in information security could ultimately lead to business being lost, bankruptcy and even law suits. Protecting confidential information is not only a business requirement; it can also be a legal and ethical requirement. Integrity can be breached either deliberately or accidentally, but either way is a serious matter that can have serious consequences. A deliberate act of malicious integrity violation could be a computer being infected by a virus or an employee changing his salary on the company payroll database. An accidental violation could be a simple case of someone miss-spelling an address or deleting important files without meaning to. They are very different scenarios, but with very similar outcomes. It is the job of information security staff or specialists to find ways of implementing safety measures that prevent any errors of integrity.

Access to protected and confidential information must be restricted to those who are authorized to actually access it. Computers that perform the processing of the information, as well as the computer programs being used to carry out the task, must also have authorization. This means that mechanisms must be in place to ensure control of access to protected data and information. The access control mechanism should be as sophisticated as the value of the information being protected warrants. The more valuable the information, the stronger and more sophisticated the control mechanism should be. Information security is only as secure as its weakest mechanism.

Information security employs the use of cryptography to transform and translate usable information in such a way that it is unusable to anyone except the authorized user. This encryption process can be reversed back into its original state to become usable to an authorized user that possesses the cryptograph key. By using cryptography information can be protected from accidental or unauthorized disclosure during the informations transit or while it is in storage. Cryptography can also be used with other applications including digital signatures, encrypted network communications and improved authentication methods. It is also imperative to ensure that the keys used for encryption and decryption is protected with the same degree of importance as the confidential information they are designed to protect.