Information Security describes the processes and methodologies used to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
Often, people use the terms information security, computer security and information assurance interchangeably. These fields do overlap. They also share the common goals of protecting the confidentiality, integrity and availability of information. However, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data. This covers any form of data: electronic, print, or other forms.
Information Security is one of the fastest growing areas of IT support. As a business owner, CIO or IT Director, you can’t secure a network unless you know everything about it. Therefore, here are some questions to consider:
- What security tool/s does your business use?
- How often do you perform security testing?
- What protocol do you use when you discover vulnerabilities?
- How often do you perform risk assessments?
Once all of this information is documented, a strategic plan can be formulated.
Eddie Schwartz, the former Chief Security Officer at RSA, believes that a lot of the money currently invested in the security space could be better spent. Schwartz is adamant that most of the traditional tools that security people have historically invested in, such as firewalls, intrusion detection and anti-virus, “are completely worthless against nation-sponsored attacks, determined criminals, anonymous or determined insiders – COMPLETELY WORTHLESS.”
Information Security is not entirely a technical issue. There is no “one size fits all” approach to security. Business owners and those managing IT must constantly adjust their strategy to stay ahead of new threats and continue to reduce risk. The implementation of information security is a complex process due to the large number of factors that may affect its effectiveness.
Consequently, Information Security is not just IT business; now it's everybody’s business.