Difference between revisions of "Information Systems Security (INFOSEC)"

Information Systems Security, also known as INFOSEC, is a broad subject within the field of information technology (IT) that focuses on protecting computers, networks, and their users. Almost all modern companies, as well as many families and individuals, have justified concerns about digital risks to their well-being. These threats come in all shapes and sizes, including theft of private information in a databasehack, installation of malicious software on a machine and intentional service disruptions. Three of the most commonly recognized elements of INFOSEC are confidentiality, integrity, and availability. This summarizes the core purpose of the IT security profession, which is to ensure information is accessible to a system’s users without being corrupted or stolen by another party.^[1]

Information systems security does not just deal with computer information, but also protecting data and information in all of its forms, such as telephone conversations.

Risk assessments must be performed to determine what information poses the biggest risk. For example, one system may have the most important information on it and therefore will need more security measures to maintain security. Business continuity planning and disaster recovery planning are other facets of an information systems security professional. This professional will plan for what could happen if a major business disruption occurs, but still allow business to continue as usual.

The term is often used in the context of the U.S. Navy, who defines INFOSEC as:

COMPUSEC + COMSEC + TEMPEST = INFOSEC

Where COMPUSEC is computer systems security, COMSEC is communications security, and TEMPEST is compromising emanations.^[2]