So what is information security anyway?
There are as many answers to the above question as there are organisations with something to protect. When we talk to perspective clients about information security, all too often, we need to understand what their perception of the term even means. We hear everything from “not being hacked” to “keeping all our data private”. The good news is that information security can broadly be broken down into three major components - CIA:
We must be able to control who has access to our data and systems. Of course, not all of our data is private, but that which we classify as confidential must be kept so.
We must be able to control who can modify data and systems. This is a different component to Confidentiality, and it may be required in addition to or instead of Confidentiality.
We must make sure systems and data are available as and when we need them. Availability is an interesting component of information security as it brings factors such as Uninterruptible Power Supplies and Air Con of server rooms into the realm of security.
Security isn’t limited to the CIA components listed above (certainly facts such as auditability are often included in modern descriptions), but it does give us a solid foundation upon which to consider our security requirements.