Information security aims to ensure the confidentiality, integrity, and availability of information. This protects information against threats such as unauthorized access or manipulation. In the corporate environment, it also prevents economic damage.
What is information security?
Information security is designed to help ensure the confidentiality, integrity and availability of information. Information itself can come in different forms and be stored on different systems. Information is not limited to digital data.
The systems that store or transmit information need not, in principle, be IT components. They can be both technical and non-technical systems. The aim is to protect against dangers and threats and to prevent economic damage.
In the digital age, digital data, computers, networks, and data carriers are often the focus of information security, although strictly speaking they cover only a sub-area of the term. Sub-areas of information security in the IT environment include network security, computer security and data protection.
In practical application, information security is based on IT security management and the internationally recognized ISO/IEC 27000 series of standards. In Germany, IT-Grundschutz regulates many aspects of the security of information, data and IT systems.
Distinction between IT security and information security
As already indicated, the two terms information security and IT security must not be equated. IT security is a subarea of information security. Information can not only be stored on IT systems, but can also exist in paper form or be passed on verbally from person to person. While IT security is mainly concerned with protecting data stored in electronic form, information security is not limited to digital forms of information.
Potential threats to information security
Information is subject to a variety of threats. These include, for example, hacker attacks on servers, computers, or networks, unauthorized access to data or unauthorized decryption of data, sabotage, espionage, vandalism, and natural events such as floods, fire, and storms.
Information security objectives
The general protection objectives of information security include:
- Ensuring the confidentiality of information
- Ensuring the integrity of information
- Ensuring the availability of information
Confidentiality of information means that only authorized users have access to the information intended for them in order to read, process, or change it. Integrity prevents unnoticed changes to information; all changes must be traceable. Finally, ensuring availability means that information can be accessed reliably when it is needed, which requires guarding against system failures.
In addition to these basic goals, there are further protection goals such as non-repudiation, authenticity, and the unambiguous attribution of information to its originator.
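The integrity and authenticity goals above are easy to state but often implemented wrongly, so here is an added example (not code from the original article) that shows the difference in working Python. It uses only the standard library. The document, the attacker's behaviour and the key are all constructed for the demonstration; the key is assumed to be held by the verifying system alone.

```python
import hashlib
import hmac
import secrets

# Constructed sample record (not from the article): the amount field must not
# change without the change being noticed.
ORIGINAL = b"invoice=4711;amount=1000;approved_by=cfo"
TAMPERED = b"invoice=4711;amount=9000;approved_by=cfo"

# Hypothetical integrity key known only to the verifying system. It is generated
# here for the example; a real deployment would load it from a key store.
INTEGRITY_KEY = secrets.token_bytes(32)


def make_tag(message: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the message. Only holders of `key` can produce a valid
    tag, which is what turns an integrity check into an authenticity check."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(message: bytes, tag: bytes, key: bytes) -> bool:
    """Constant-time comparison; any change to message or tag yields False."""
    return hmac.compare_digest(make_tag(message, key), tag)


def unkeyed_checksum(message: bytes) -> bytes:
    """A plain SHA-256 digest, as some systems store next to a file."""
    return hashlib.sha256(message).digest()


def tampering_detected(use_keyed_mac: bool) -> bool:
    """Simulate storage that an attacker can rewrite, then ask whether the
    verifier notices. The attacker may overwrite both the record and whatever
    integrity value sits next to it, but never learns INTEGRITY_KEY."""
    if use_keyed_mac:
        # The attacker can only compute a tag under a key of their own choosing.
        attacker_key = secrets.token_bytes(32)
        stored_record, stored_tag = TAMPERED, make_tag(TAMPERED, attacker_key)
        return not verify_tag(stored_record, stored_tag, INTEGRITY_KEY)
    # With an unkeyed hash the attacker simply recomputes the checksum over the
    # altered record, and the verifier has no way to tell.
    stored_record, stored_checksum = TAMPERED, unkeyed_checksum(TAMPERED)
    return stored_checksum != unkeyed_checksum(stored_record)


def chain_log(entries: list, key: bytes) -> list:
    """Make a change history traceable: each entry's tag covers the previous
    tag, so removing or reordering an entry breaks every later tag."""
    tags, prev = [], b""
    for entry in entries:
        prev = make_tag(prev + b"|" + entry, key)
        tags.append(prev)
    return tags


def chain_valid(entries: list, tags: list, key: bytes) -> bool:
    """Recompute the chain and compare it tag by tag, in constant time."""
    if len(entries) != len(tags):
        return False
    return all(hmac.compare_digest(a, b)
               for a, b in zip(chain_log(entries, key), tags))


if __name__ == "__main__":
    print("keyed MAC detects tampering:", tampering_detected(True))
    print("plain hash detects tampering:", tampering_detected(False))
    history = [b"created", b"amount=1000", b"approved_by=cfo"]
    tags = chain_log(history, INTEGRITY_KEY)
    print("full history valid:", chain_valid(history, tags, INTEGRITY_KEY))
    print("history with entry removed valid:",
          chain_valid(history[:1] + history[2:], tags[:1] + tags[2:], INTEGRITY_KEY))
```

The point of the two storage scenarios is that a checksum stored beside the data only protects against accidental corruption: anyone who can alter the data can alter the checksum. A keyed tag (or a digital signature) is what makes changes detectable, and the chained log is what makes them traceable.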
Measures for information security
Information security can be achieved through numerous measures. They are part of a security concept and include both technical and organizational measures. In principle, the security of information in the corporate environment is the responsibility of management, which delegates the various tasks to subordinate units. The central core component of information security in the company is the information security management system (ISMS).
Technical measures include, for example, the physical security of data and IT components, encryption procedures, software updates, antivirus software, firewalls, backup procedures, redundancy mechanisms and authentication methods. Organizational measures can include training for employees, awareness campaigns, documentation guidelines, or guidelines for handling passwords.