What is Information Security, and how can it help increase the security level of your business? Knowing the organizational types for security helps you to better understand what your main security goals are, what currently poses the biggest risk to your company and how to start building your security organization.
According to the NIST Cybersecurity Framework, Information Security has the goal of protecting your information (electronic; physical data) and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (and sometimes traceability) [source: NIST Glossary]. You will also often find the term InfoSec used as an abbreviation for Information Security.
2. What are the goals of Information Security?
As mentioned above, the goal of Information Security is to protect your information assets (data) and information systems (IT systems) against the loss of confidentiality, integrity and availability. This is often referred to as the CIA matrix or CIA triangle. You can also find the term CIAT matrix, in which the additional “T” stands for “Traceability”. Traceability defines the objective of tracing any access and changes to an information asset.
3. How does Information Security help to protect my company?
The sections above described what information security is and what its goals are. But how can information security help to protect my company or my business against cyber security threats?
It does that by:
- Defining Security Policies, Processes and Procedures
- Setting up Security Controls
- Identifying and evaluating Security Risks
- Increasing the awareness for Cyber Security
- Monitoring, documenting and controlling the compliance of the defined security measures and the current risk level
- Documenting, reporting and helping to analyze security incidents
All of the information, documentation and results listed above are documented and stored in an Information Security Management System (ISMS) (which is required for ISO27001). The ISMS is the main tool for the Chief Information Security Officer to monitor the effectiveness of the implemented measures.
All of the tools above help your IT-Security (see "What is IT-Security?") to technically protect your IT infrastructure by knowing which information systems need to be protected, how to protect them, which indicators are necessary to identify security breaches and what to do in case of a cyber security attack, security breach or data breach.
This article showed you what information security is, what the goals of information security are and how information security helps your IT-Security to protect your company’s assets.
What do you think? What are your security goals and how do you set up your cyber security organization? Let us know in the comments.