Wednesday, August 28, 2013

What is Information Security?

Information security can be explained with the help of the following example. If a company sells bottled water purified using the process of reverse osmosis, the process is well known, and therefore it does not make good business sense for management to protect that information. However, if that company has a revolutionary process that cuts the cost and time for water purification in half, it would make sense to secure that information. There is a limit to the value of implementing protection, so the user must combine his knowledge of value, threats, vulnerabilities, and risks to put together a feasible plan.

Information security involves the measures and controls that ensure confidentiality, integrity, and availability of the information processed by and stored in a computer or system.

Confidentiality: Ensures that information is accessed only by authorized personnel.
Integrity: Ensures that information is modified only by authorized personnel.
Availability: Ensures that information and systems can be accessed when needed by authorized personnel.

This practice includes the policies, procedures, and hardware and software tools necessary to protect the computer systems and the information processed, stored, and transmitted by the systems.

When the user combines efforts to provide data confidentiality, data integrity, and data availability with physical security, then he can provide a very effective security solution.