Information security exists on several levels and requires a nuanced, multifaceted approach to remain effective, with a primary purpose of ensuring data will remain accessible to authorized users only.
What are the 3 principles of information security?
The three pillars of information security are people, process, and data and information.
In order to ensure a company’s data remains secure and non-compromised over time, it is crucial to ensure that cybersecurity measures are taken in each of the three information security pillars: at the people level, at the process level, and at the data and information level. Training, support and procedures instituted at each of these three levels ensure there will be a level of protection in the face of a threat.
At the people pillar, training and awareness around how cybercriminals can target staff information to gain entry to systems is important for organizational defense. In addition, it is important to provide staff with the right levels of authorization, hire experienced cybersecurity professionals, and have some level of physical security to protect data. At the process pillar, management systems and governance measures should be initiated so data can be stored and accessed in an organized, secure manner. Additionally, instituting policies for data use and incident response and proper management of third parties is necessary. Finally, the data and information pillar contains all IT, OT, personal data and operational data measures used to keep information secure, including keeping critical data in more highly secured locations and treating all accessible data with confidentiality and integrity to ensure stability and availability.
What are the five goals of information security?
NIST has listed the five goals of information security as confidentiality, availability, integrity, accountability and assurance.
The National Institute of Standards and Technology (NIST) has listed the five goals of information security as confidentiality, availability, integrity, accountability and assurance. These five goals have been instituted to allow all organizations to meet mission objectives by acknowledging IT-related risks to the organization, its partners and the customers.
Confidentiality is the assurance that information in a company’s possession will not be disclosed to unauthorized individuals, processes or devices. Integrity ensures that vital information will remain safe and will not be altered or destroyed during access and storage. Availability ensures that users will be able to access information in a timely and easily accessible manner. Additionally, it ensures infrastructure will remain fully functional even when facing adverse conditions. The accountability and assurance goals essentially ensure that organizations take responsibility for the data they possess and will initiate response measures in the event of an incident. These have occasionally been swapped for other goals such as authenticity and non-repudiation as the technological and information security landscapes evolve over time. NIST is the best source for the most up-to-date information security goals across industries, however, organizational objectives and risk profiles will shape specific information security goals at the company level.
How can one protect information security?
Information can remain secure through the organized use of data back-ups, secure passwords, anti-malware measures and more.
Information security begins at an organizational level and carries through to the individual level, relying on all parties across the enterprise to ensure complete security within IT environments. At the organizational level, data backups, antivirus and malware protection software, monitoring and alerting tools, encryption, and robust storage and infrastructure should be utilized for a thorough approach to data sharing and accessibility.
Individual responsibilities in information security include using strong passwords, creating additional backups of personally accessible data, utilizing secure devices and networks when working remotely, avoiding and deleting suspicious emails received, installing antivirus software and malware protection on personal devices, not leaving devices and documents unattended when in public, locking screens, securely disposing of old devices, removing data from devices when no longer in use, and knowing what parties have access to specific data.