5.5 What is information security?
Information security protects the confidentiality, integrity and availability – often referred to as the ‘CIA triad’ – of all assets, information and systems, be they digital or physical.
Below is a brief definition of each element of the triad (based on National Cyber Security Centre, 2021b):
Confidentiality: only authorised personnel in relation to their role should have access to information, to ensure it has not be shared or accessed without permission.
Integrity: information and data needs to be accurate, consistent, and used for its intended purpose. This requires strong non-repudiation and authenticity controls to stop data being modified or destroyed.
Availability: information and data is readily available and there is reliable access to (and use of) information.
The primary focus of information security is to ensure that organisations and individuals operate securely, with minimal disruption to work processes. Achieving this means aiming to reduce the risk of security incidents, which include the theft of, tampering with, or deletion of information and data. Most organisations will have an information security policy that provides guidance on using IT and digital assets safely.
OpenLearn - Hybrid working: skills for digital transformation
Except for third party materials and otherwise, this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence, full copyright detail can be found in the acknowledgements section. Please see full copyright statement for details.