Information Security is defined as the protection of information and information systems against access by unauthorized sources, while at the same time ensuring availability to authorized users. Information security also encompasses any and all legal measures which are deemed necessary to detect, document and counter any such threats.
An excellent mnemonic for remembering the critical elements required for information security is “CIA”: Confidentiality, Integrity and Availability. In order to be secure, your protected data must remain confidential, unaltered by error or misdeed (integrity), and always available and accessible to authorized users.
Although programs and data can be reasonably secured through the use of complex passwords and digital certificates, these methods only validate the knowledge required for access; they cannot guarantee that the person presenting it actually is the authorized person. Biometrics provides a more secure method of entry. Another key concern is the ability to determine whether an authorized user, having already gained access to sensitive data, has committed any malicious deeds.
A huge amount of confidential information and data is collected and disseminated over networks. Sensitive information, if in the wrong hands, can easily wreak havoc, leading to business losses, identity theft, lawsuits, and even bankruptcy.