Information security is a set of measures, kits and practices to protect information from external and internal threats.
External threats are attempts to hack into the system, DDoS attacks, viruses and malware, natural and man-made disasters. Internal threats are errors and unqualified actions of service personnel, destruction or distortion of data by company employees, information theft and deliberate sabotage.
Effective information security is achieved through multi-stage risk management and involves threat assessment, countermeasure planning, implementation of comprehensive protection systems and regular audits.
Information security is based on 3 principles:
- Secrecy: differentiating levels of access to information in accordance with accepted rules.
- Integrity: keeping the data structure unchanged, unless users have the right to change the information.
- Accessibility: using protocols and technologies that allow users to access data in accordance with security policies and ensure that data is available even in the event of accidents and natural disasters.
Traditionally, there are certain means and methods of information protection, such as:
- Legal: the enterprise develops documents regulating the policy and organization of information security.
- Organizational: creation of conditions for effective data protection at workplaces, infrastructure monitoring, reservation of communication channels, storage of backup copies and other methods.
- Software: implementation of software that help to organize secure data storage, provide access to information to a certain number of employees, protect the system from hacking and other external threats.
- Technical: use of special equipment and technologies designed to protect information, such as setting up authentication procedures, encryption, and use of special network equipment that filters traffic.
Introduction of an information security policy is most often implemented as a specific ICM solution.