Information security is a set of practices, policies and technologies designed to protect an organization’s data from unauthorized access, alteration or loss, ensuring that information remains confidential, accurate and accessible to authorized users.
What Is Information Security?
Information security is the practice of protecting data and information systems from unauthorized access, alteration or destruction. It ensures confidentiality, integrity and availability through coordinated efforts across people, processes and technology.
DNV’s Three Pillars of Information Security
The three pillars of information security as outlined by DNV are people, process and data. To keep a company’s information secure over time, cybersecurity measures must address each pillar through training, governance and technical safeguards.
1. People
The people pillar focuses on training and awareness to prevent cybercriminals from exploiting employees and the information they handle. Organizations assign appropriate authorization levels, hire skilled cybersecurity professionals and maintain physical security. For example, phishing simulations help employees recognize and respond to potential threats.
2. Process
The process pillar emphasizes management systems and governance to ensure data is stored and accessed securely. Policies for data use, incident response and third-party management are critical. Regular auditing of access controls and incident response drills help maintain preparedness for potential breaches.
3. Data and Information
The data pillar covers IT, operational and personal information security measures. Sensitive data is encrypted using algorithms such as AES-256, critical information is stored in secured or offsite backups, and all data is handled with confidentiality and integrity to maintain availability and stability.
NIST’s Five Goals of Information Security
The five core goals of information security, as previously outlined by the National Institute of Standards and Technology (NIST), are confidentiality, availability, integrity, accountability and assurance. These goals ensure that information remains protected, accessible only to authorized users, and kept safe from unauthorized alteration or destruction.
1. Confidentiality
Confidentiality is the assurance that information in a company’s possession will not be disclosed to unauthorized individuals, processes or devices.
2. Availability
Availability ensures that users will be able to access information in a timely and easily accessible manner. Additionally, it ensures infrastructure will remain fully functional even when facing adverse conditions.
3. Integrity
Integrity ensures that vital information will remain safe and will not be altered or destroyed during access and storage.
4. Accountability
Accountability ensures organizations take responsibility for their data, track access and changes, and maintain logs to enforce compliance and quickly identify issues.
5. Assurance
Assurance gives stakeholders confidence that security measures work and incidents are managed effectively, often involving audits, risk assessments and control testing.
NIST is one of the best sources for the most up-to-date information security goals across industries. However, organizational objectives and risk profiles will shape specific information security goals at the company level.
How to Maintain Information Security
Information can be protected through organized use of backups, strong passwords, anti-malware measures and other security practices.
Security starts at the organizational level and extends to individuals, requiring cooperation across the enterprise.
Organizations should implement data backups, antivirus and malware protection, monitoring and alerting tools, encryption and secure storage infrastructure to maintain safe data sharing and accessibility.
Individuals play a key role by using strong passwords, creating personal data backups, working on secure networks and devices, avoiding suspicious emails, installing security software, locking screens, securely disposing of old devices and managing who has access to specific data.
Frequently Asked Questions
What is information security?
Information security is a set of practices and processes used to protect data from unauthorized access, alteration or loss, ensuring it remains confidential, accurate and accessible to authorized users.
What are the five pillars of information security?
The five pillars of information security, or information assurance, are:
- Availability
- Integrity
- Authentication
- Confidentiality
- Non-repudiation
How can organizations protect information security?
Organizations can protect information security by using:
- Data backups
- Antivirus and malware protection
- Monitoring tools
- Encryption
- Robust storage and infrastructure
- Policies and employee training