Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
The elements are:
Integrity – maintaining accuracy
Availability – available when needed
Authenticity – ensure genuine data
Non-repudiation – two-way transactions
The fundamental principles of any business operation are “people,” “processes,” and “technology.” Attention to all three is required to effect significant and lasting change in how the organization operates.
Strong processes can often help to overcome potential vulnerabilities in a security product, while poor implementation can render good technologies ineffective.
Antivirus software is a good example of how people-process-technology all have roles in its effectiveness.
Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, disruption, or distribution.
Circling back to the beginning of the presentation – a focus on only technical security controls may leave you with a system that is not maintained (e.g., insufficient manpower and/or training for people) and that is not very effective (e.g., poor processes and policies).