Information Security
What is Information Security?
Information Security, often referred to as InfoSec, is the practice of protecting information from unauthorized access, disclosure, modification or destruction. Where personal data is concerned, regulations such as the GDPR make this explicit: Article 32 requires organizations to ensure the ongoing confidentiality, integrity and availability of the systems that process it. These three properties are commonly known as the CIA triad.
- Confidentiality ensures that information is disclosed only to those authorized to see it. Encrypting data at rest is a typical control: if a database is stolen in a breach, the records remain unreadable to anyone who does not hold the key.
- Integrity ensures that information is accurate and complete and is changed only by authorized parties. Controls such as message authentication codes, digital signatures and audit logs let tampering or corruption be detected rather than silently accepted.
- Availability ensures that information, and the systems that hold it, are accessible to authorized users when needed. Denial-of-service attacks, ransomware and hardware failures all threaten it, which is why redundancy, backups and tested recovery procedures are standard controls.
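The integrity bullet above is easy to get wrong in practice: storing a plain hash next to a record only catches accidental corruption, because an attacker who can rewrite the record can recompute the hash too. The following is an added example (not part of the original page) that shows the difference between an unkeyed SHA-256 digest and a keyed HMAC-SHA256 tag. The record, the secret key and the attacker's edits are all constructed for the demonstration; the key is assumed to be held only by the application and never stored alongside the data.

```python
import hashlib
import hmac
import json

# Constructed sample record, as an application might store and later read back.
RECORD = {"account": "alice", "balance": 100}

# Assumption for the example: a secret known only to the application, kept out of the datastore.
SERVER_KEY = b"server-side-secret-key-kept-out-of-the-datastore"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so identical content always produces identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def unkeyed_digest(record: dict) -> str:
    """Plain SHA-256 over the record. Detects accidental corruption, not deliberate tampering."""
    return hashlib.sha256(canonical(record)).hexdigest()


def sign_record(key: bytes, record: dict) -> str:
    """Keyed HMAC-SHA256 tag: only a holder of `key` can produce a valid tag for a record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(key: bytes, record: dict, tag: str) -> bool:
    """Recompute the tag and compare in constant time so the check does not leak it byte by byte."""
    expected = sign_record(key, record)
    return hmac.compare_digest(expected, tag)


def attacker_rewrites_with_unkeyed_hash(record: dict) -> tuple[dict, str]:
    """Attacker with write access to the datastore changes the record and recomputes the digest."""
    forged = dict(record, balance=1_000_000)
    return forged, unkeyed_digest(forged)


def attacker_rewrites_with_hmac(record: dict, tag: str) -> tuple[dict, str]:
    """Same attacker without the key: can change the record but must leave the original tag."""
    forged = dict(record, balance=1_000_000)
    return forged, tag


def demo() -> tuple[bool, bool]:
    """Returns (unkeyed check still passes, keyed check still passes) after tampering."""
    forged, forged_digest = attacker_rewrites_with_unkeyed_hash(RECORD)
    unkeyed_check_passes = unkeyed_digest(forged) == forged_digest  # True: forgery goes unnoticed

    tag = sign_record(SERVER_KEY, RECORD)
    forged2, old_tag = attacker_rewrites_with_hmac(RECORD, tag)
    keyed_check_passes = verify_record(SERVER_KEY, forged2, old_tag)  # False: tampering detected
    return unkeyed_check_passes, keyed_check_passes


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Note that the tag provides integrity only: the record itself is still readable in plaintext, so confidentiality has to come from a separate control such as encryption. Keeping the two properties distinct is exactly what the triad is for.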
The CIA triad is also the basis for risk assessment in ISO/IEC 27001, the internationally recognized standard for information security management systems: risks are identified in terms of the loss of confidentiality, integrity or availability of information assets. The 2013 edition (ISO/IEC 27001:2013, since superseded by ISO/IEC 27001:2022) takes a holistic approach by addressing the people, processes and technology involved in securing an organization's information, and requires policies, procedures and controls to be implemented and maintained against the risks identified.