Archives August 2020

What is Information Security and Cybersecurity?

All businesses use information – for example, employee information, tax information,
proprietary information, or customer information. Information is vital to the operation of a
business. If that information is compromised in some way, the business may not be able to
function. Protecting the information an organization creates, uses, or stores is called
“Information Security.”

Information Security is formally defined as “The protection of information and information
systems from unauthorized access, use, disclosure, disruption, modification, or destruction in
order to provide confidentiality, integrity, and availability.”

Information security encompasses people, processes, and technologies. It concentrates on how to
protect:

Confidentiality – protecting information from unauthorized access and disclosure. For
example, what would happen to your company if customer information such as
usernames, passwords, or credit card information was stolen?

Integrity – protecting information from unauthorized modification.
For example, what if your payroll information or a proposed product design was
changed?

Availability – preventing disruption in how you access information.
For example, what if you couldn’t log in to your bank account or access your customer’s
information, or your customers couldn’t access you?

As more and more information becomes digitized – digitally stored, processed, and
communicated – cybersecurity has become a key component of information security.
Cybersecurity means protecting electronic devices and electronically stored information.
Cybersecurity is formally defined as “Prevention of damage to, protection of, and restoration of
computers, electronic communications systems, electronic communications services, wire
communication, and electronic communication, including information contained therein, to
ensure its availability, integrity, authentication, confidentiality, and nonrepudiation”
[CNSSI4009][HSPD23].

As part of information security, cybersecurity works in conjunction with a variety of other
security measures, some of which are shown in Figure 1. As a whole, these information security
components provide defense against a wide range of potential threats to your business’s
information. Although much of this publication involves electronic devices and solutions, it is
not limited to cybersecurity and typically refers to “information security” as a whole.

What is an MSSP?

Managed security service providers (MSSPs) are IT service providers that specialize in offering cybersecurity monitoring and management to small and medium businesses. These services can include virus and spam blocking, intrusion detection, firewalls and virtual private network (VPN) management.