In this video, Kip Boyle explains what information security means. Learn the basics of how information security is defined and implemented in an organization.
- Information security is critical to the world we live in, yet it's been with us for hundreds of years, and as you'll see, it's more than just keeping information secret. Securing information and information systems goes back at least as far as 480 BC, when the Persian king, Xerxes, put his invasion plans for Greece onto encrypted tablets so he could safely share them with his distant allies. About 400 years later, the Roman general, Julius Caesar, invented what we call the Caesar cipher in order to protect his military messages.
The cipher wheel itself was part of an entire system which included strict procedures for how to handle the messages, as well as the cipher tools. In recent years, our computers do the encryption and decryption for us. They convert our data into digital nonsense, and then return it into its original form when we need it. So how do we define information security today? Because the law is taking an ever-increasing role in information security affairs, let's take a look at Section 3552 in Title 44 of the United States Code.
Not surprisingly, the definition is detailed, so let's step through it. The term "information security" means protecting information and information systems from unauthorized access, use, or disclosure, disruption, modification, or destruction. By protecting information from these threats, we can achieve three goals. First, confidentiality, so we can keep our secrets under control. Second, integrity, which means that our information is not corrupted.
And third, availability, so we can see our information whenever we want. You'll commonly hear the term CIA Triad when information security professionals talk about the three goals of confidentiality, integrity, and availability of information. How do these goals help us today? Take, for example, modern banking. Today we can manage our money privately online, we can withdraw cash from an ATM any time, day or night, and we can quickly place an online order for just about anything.
But without information security, none of these things would be possible.
- Goals and components of an information security program
- Measuring and managing information risks
- Reducing risks to an acceptable level
- Using a workflow to organize your work
- Communicating progress with executives and stakeholders
- Demonstrating compliance