Information security

This is an old revision of this page, as edited by Ant (talk | contribs) at 14:05, 23 May 2002. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Information security deals with several different "trust" aspects of information. Another common term is information assurance. Information security is not confined to computer systems. It applies to all aspects of safeguarding or protecting information or data.

Most definitions of information security tend to focus, sometimes exclusively, on particular usage and/or media; e.g., “protect electronic data from unauthorized use”. In fact, it is a common misconception that information security is synonymous with computer security in any of its guises: computer and network security, information technology (IT) security, information systems security, information and communications technology (ICT) security, and so on. Each of these has a different emphasis, but the common concern is the security of information in some electromagnetic form; hence, all are subsets of information security. Conversely, information security covers not just information but all infrastructures that facilitate its use: processes, systems, services, and technology, including computers and voice and data networks.

It is an important point that information security is not (necessarily) hermetic or watertight. No one can ever eradicate all risk of improper or capricious use of any information. The level of information security should be commensurate with the value of the information and the loss, financial or otherwise, that might accrue from improper use (disclosure, degradation, denial, and so on). Bruce Schneier makes this point in Secrets and Lies: information security is about risk management.

The three widely accepted elements (aims, principles, qualities, characteristics, ... ) of information security are:

These can be remembered by the mnemonic “CIA”.

A further, generally accepted element is:

Historically, up to about 1990, confidentiality was the most important element of information security, followed by integrity, and then availability. By 2010, availability will be at the top of this list of priorities. The first goal of information security will be to ensure that systems are predictably dependable in the face of all sorts of malice, and particularly in the face of denial of service attacks.

Some other facets of information security are:
