How Can We Help?
Here’s a quick information security overview…
Definition
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
SOURCE: SP 800-37; SP 800-53; SP 800-53A; SP 800-18; SP 80060; CNSSI-4009; FIPS 200; FIPS 199; 44 U.S.C., Sec. 3542
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—
1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
3) availability, which means ensuring timely and reliable access to and use of information.
SOURCE: SP 800-66; 44 U.S.C., Sec 3541
Everyday Overview
Information security, or InfoSec, is the practice of protecting information from unauthorized access, misuse, or destruction. It includes policies, procedures, and tools to protect data in all forms, including physical and digital.
- Confidentiality: Protecting the secrecy of information
- Integrity: Protecting the accuracy and completeness of information
- Availability: Protecting the accessibility of information
- Application security: Protecting software applications and APIs from unauthorized access
- Network security: Protecting networks and network resources from unauthorized access
- Incident response: Identifying, investigating, and responding to threats and damaging events
- Establish a general approach to information security
- Document security measures and user access control policies
- Ensure that only authorized users can access sensitive systems and information
- Monitor networks for security breaches
- Investigate security breaches
- Use and maintain software, such as firewalls and data encryption programs
- Check for vulnerabilities in computer and network systems
