Hybrid working: skills for digital transformation

5.5 What is information security?

Information security protects the confidentiality, integrity and availability – often referred to as the ‘CIA triad’ – of all assets, information and systems, be they digital or physical.

Figure 8 Preferred IT Group (2019)

Below is a brief definition of each element of the triad (based on National Cyber Security Centre, 2021b):

Confidentiality: only authorised personnel, in relation to their role, should have access to information, to ensure it has not been shared or accessed without permission.

Integrity: information and data need to be accurate, consistent, and used for their intended purpose. This requires strong non-repudiation and authenticity controls to stop data being modified or destroyed.

Availability: information and data are readily available and there is reliable access to (and use of) information.

The primary focus of information security is to ensure that organisations and individuals operate securely, with minimal disruption to work processes. Achieving this means aiming to reduce the risk of security incidents, which include the theft of, tampering with, or deletion of information and data. Most organisations will have an information security policy that provides guidance on using IT and digital assets safely.