Why secure information
Information security definition
Information security, sometimes abbreviated to infosec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it's being stored and when it's being transmitted from one machine or physical location to another.
The SANS Institute offers a somewhat more expansive definition: Information security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
Information security principles
The basic components of information security are most often summed up by the so-called CIA triad: confidentiality, integrity, and availability. Confidentiality is perhaps the element of the triad that most immediately comes to mind when you think of information security. Data is confidential when only those people who are authorized to access it can do so; to ensure confidentiality, you need to be able to identify who is trying to access data and block attempts by those without authorization.
Passwords, encryption, authentication, and defense against penetration attacks are all techniques designed to ensure confidentiality. Integrity means maintaining data in its correct state and preventing it from being improperly modified, either by accident or maliciously.
Many of the techniques that ensure confidentiality will also protect data integrity—after all, a hacker can't change data they can't access—but there are other tools that help provide a defense of integrity in depth: checksums can help you verify data integrity, for instance, and version control software and frequent backups can help you restore data to a correct state if need be. Integrity also covers the concept of non-repudiation: you must be able to prove that you've maintained the integrity of your data, especially in legal contexts.
Availability is the mirror image of confidentiality: while you need to make sure that your data can't be accessed by unauthorized users, you also need to ensure that it can be accessed by those who have the proper permissions. Ensuring data availability means matching network and computing resources to the volume of data access you expect and implementing a good backup policy for disaster recovery purposes.
Information security policy
The means by which these principles are applied to an organization take the form of a security policy.
Josh Fruhlinger is a writer and editor who lives in Los Angeles.
Good data security means you have a plan to securely access data in the event of system failure, disaster, data corruption, or breach. Data erasure employs software to completely overwrite data on any storage device and is more secure than standard data wiping.
By using data masking software, information is hidden by obscuring letters and numbers with proxy characters.
This effectively masks key information even if an unauthorized party gains access to it. The data changes back to its original form only when an authorized user receives it. Comprehensive data security means that your systems can endure or recover from failures. A computer algorithm transforms text characters into an unreadable format via encryption keys. Only authorized users with the proper corresponding keys can unlock and access the information. Everything from files and a database to email communications can — and should — be encrypted to some extent.
There are three core elements to data security that all organizations should adhere to: Confidentiality, Integrity, and Availability. These concepts are also referred to as the CIA Triad, functioning as a security model and framework for top-notch data security.
Data security is a critical element to regulatory compliance, no matter what industry or sector your organization operates in. Most — if not all — regulatory frameworks make data security a key aspect of compliance. Using the right data security technologies can help your organization prevent breaches, reduce risk, and sustain protective security measures.
Data auditing software solutions capture and report on things like control changes to data, records of who accessed sensitive information, and the file path utilized. These audit procedures are all vital to the breach investigation process. Proper data auditing solutions also provide IT administrators with visibility in preventing unauthorized changes and potential breaches.
Typically, it takes companies several months before they discover that a data breach has actually taken place. All too often, companies discover breaches via their customers or third-party vendors and contractors rather than their own IT departments. This helps you mitigate data destruction, loss, alteration, or unauthorized access to personal data. A data risk assessment will help your organization identify its most overexposed, sensitive data.
A complete risk assessment will also offer reliable and repeatable steps towards prioritizing and remediating serious security risks.
An accurate risk assessment will summarize important findings, expose vulnerabilities, and include prioritized remediation recommendations. Traditionally, organizations viewed having as much data as possible as a benefit. There was always the potential that it might come in handy in the future. IT security prevents malicious threats and potential security breaches that can have a huge impact on your organization. When you enter your internal company network, IT security helps ensure only authorized users can access and make changes to sensitive information that resides there.
Network security is used to prevent unauthorized or malicious users from getting inside your network. This ensures that usability, reliability, and integrity are uncompromised. This type of security is necessary to prevent a hacker from accessing data inside the network. Network security has become increasingly challenging as businesses increase the number of endpoints and migrate services to the public cloud.
Internet security involves the protection of information that is sent and received in browsers, as well as network security involving web-based applications. These protections are designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, antimalware, and antispyware. Endpoint security provides protection at the device level. Devices that may be secured by endpoint security include cell phones, tablets, laptops, and desktop computers.
Endpoint security will prevent your devices from accessing malicious networks that may be a threat to your organization. Advanced malware protection and device management software are examples of endpoint security. Applications, data, and identities are moving to the cloud, meaning users are connecting directly to the Internet and are not protected by the traditional security stack. Cloud security can help secure the usage of software-as-a-service (SaaS) applications and the public cloud.
With application security, applications are specifically coded at the time of their creation to be as secure as possible, to help ensure they are not vulnerable to attacks.
This added layer of security involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software.