Information security

Information security, sometimes shortened to infosec,^[1] is the practice of protecting information by mitigating information risks. It is part of information risk management.^[2]^[3] It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.^[4] It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge).^[5]^[6] Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the "CIA" triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.^[7] This is largely achieved through a structured risk management process that involves:

Identifying information and related assets, plus potential threats, vulnerabilities, and impacts;
Evaluating the risks
Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them
Where risk mitigation is required, selecting or designing appropriate security controls and implementing them
Monitoring the activities and making adjustments as necessary to address any issues, changes, or improvement opportunities^[8]

To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth.^[9] This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed.^[10] However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continual improvement is not adopted.^[11]

^ Curry, Michael; Marshall, Byron; Crossler, Robert E.; Correia, John (April 25, 2018). "InfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior". ACM SIGMIS Database: The DATABASE for Advances in Information Systems. 49 (SI): 49–66. doi:10.1145/3210530.3210535. ISSN 0095-0033. S2CID 14003960.
^ Joshi, Chanchala; Singh, Umesh Kumar (August 2017). "Information security risks management framework – A step towards mitigating security risks in university network". Journal of Information Security and Applications. 35: 128–137. doi:10.1016/j.jisa.2017.06.006. ISSN 2214-2126.
^ Fletcher, Martin (December 14, 2016). "An introduction to information risk". The National Archives. Retrieved February 23, 2022.
^ Joshi, Chanchala; Singh, Umesh Kumar (August 2017). "Information security risks management framework – A step towards mitigating security risks in university network". Journal of Information Security and Applications. 35: 128–137. doi:10.1016/j.jisa.2017.06.006.
^ Daniel, Kent; Titman, Sheridan (August 2006). "Market Reactions to Tangible and Intangible Information". The Journal of Finance. 61 (4): 1605–1643. doi:10.1111/j.1540-6261.2006.00884.x. SSRN 414701.
^ Fink, Kerstin (2004). Knowledge Potential Measurement and Uncertainty. Deutscher Universitätsverlag. ISBN 978-3-322-81240-7. OCLC 851734708.
^ Keyser, Tobias (April 19, 2018), "Security policy", The Information Governance Toolkit, CRC Press, pp. 57–62, doi:10.1201/9781315385488-13, ISBN 978-1-315-38548-8, retrieved May 28, 2021
^ Danzig, Richard; National Defense University Washington DC Inst for National Strategic Studies (1995). "The big three: Our greatest security risks and how to address them". DTIC ADA421883.
^ Lyu, M.R.; Lau, L.K.Y. (2000). "Firewall security: Policies, testing and performance evaluation". Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000. IEEE Comput. Soc. pp. 116–121. doi:10.1109/cmpsac.2000.884700. ISBN 0-7695-0792-1. S2CID 11202223.
^ "How the Lack of Data Standardization Impedes Data-Driven Healthcare", Data-Driven Healthcare, Hoboken, NJ, US: John Wiley & Sons, Inc., p. 29, October 17, 2015, doi:10.1002/9781119205012.ch3, ISBN 978-1-119-20501-2, retrieved May 28, 2021
^ Lent, Tom; Walsh, Bill (2009), "Rethinking Green Building Standards for Comprehensive Continuous Improvement", Common Ground, Consensus Building and Continual Improvement: International Standards and Sustainable Building, West Conshohocken, PA: ASTM International, pp. 1–1–10, doi:10.1520/stp47516s, ISBN 978-0-8031-4507-8, retrieved May 28, 2021

[1] Curry, Michael; Marshall, Byron; Crossler, Robert E.; Correia, John (April 25, 2018). "InfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior". ACM SIGMIS Database: The DATABASE for Advances in Information Systems. 49 (SI): 49–66. doi:10.1145/3210530.3210535. ISSN 0095-0033. S2CID 14003960.

[2] Joshi, Chanchala; Singh, Umesh Kumar (August 2017). "Information security risks management framework – A step towards mitigating security risks in university network". Journal of Information Security and Applications. 35: 128–137. doi:10.1016/j.jisa.2017.06.006. ISSN 2214-2126.

[3] Fletcher, Martin (December 14, 2016). "An introduction to information risk". The National Archives. Retrieved February 23, 2022.

[4] Joshi, Chanchala; Singh, Umesh Kumar (August 2017). "Information security risks management framework – A step towards mitigating security risks in university network". Journal of Information Security and Applications. 35: 128–137. doi:10.1016/j.jisa.2017.06.006.

[5] Daniel, Kent; Titman, Sheridan (August 2006). "Market Reactions to Tangible and Intangible Information". The Journal of Finance. 61 (4): 1605–1643. doi:10.1111/j.1540-6261.2006.00884.x. SSRN 414701.

[6] Fink, Kerstin (2004). Knowledge Potential Measurement and Uncertainty. Deutscher Universitätsverlag. ISBN 978-3-322-81240-7. OCLC 851734708.

[7] Keyser, Tobias (April 19, 2018), "Security policy", The Information Governance Toolkit, CRC Press, pp. 57–62, doi:10.1201/9781315385488-13, ISBN 978-1-315-38548-8, retrieved May 28, 2021

[8] Danzig, Richard; National Defense University Washington DC Inst for National Strategic Studies (1995). "The big three: Our greatest security risks and how to address them". DTIC ADA421883.

[9] Lyu, M.R.; Lau, L.K.Y. (2000). "Firewall security: Policies, testing and performance evaluation". Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000. IEEE Comput. Soc. pp. 116–121. doi:10.1109/cmpsac.2000.884700. ISBN 0-7695-0792-1. S2CID 11202223.

[10] "How the Lack of Data Standardization Impedes Data-Driven Healthcare", Data-Driven Healthcare, Hoboken, NJ, US: John Wiley & Sons, Inc., p. 29, October 17, 2015, doi:10.1002/9781119205012.ch3, ISBN 978-1-119-20501-2, retrieved May 28, 2021

[11] Lent, Tom; Walsh, Bill (2009), "Rethinking Green Building Standards for Comprehensive Continuous Improvement", Common Ground, Consensus Building and Continual Improvement: International Standards and Sustainable Building, West Conshohocken, PA: ASTM International, pp. 1–1–10, doi:10.1520/stp47516s, ISBN 978-0-8031-4507-8, retrieved May 28, 2021

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]