# information security

> protecting information by mitigating information risks

**Wikidata**: [Q189900](https://www.wikidata.org/wiki/Q189900)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Information_security)  
**Source**: https://4ort.xyz/entity/information-security

## Summary
Information security, often called "infosec," is the practice of protecting information by mitigating information risks. It encompasses a broad set of strategies for managing the processes, tools, and policies necessary to prevent, detect, and respond to threats to both digital and physical information. Its primary goal is to ensure the confidentiality, integrity, and availability of data.

## Key Facts
- **Core Principles**: The fundamental characteristics of information security are confidentiality, data integrity, data availability, authenticity, and non-repudiation.
- **Classification**: It is a subclass of both security and information technology.
- **Scope**: Information security is a facet of security management and a part of risk management information systems and IT system security.
- **Sub-disciplines**: It is a parent field to numerous specializations, including cybersecurity, computer security, application security, cloud security, data security, and physical information security.
- **Related Terminology**: Common aliases include "infosec," "EDV-Sicherheit" (German), and "資安" (Chinese).
- **Professional Field**: Information security is an academic major and a professional industry with roles like "computer security specialist."
- **Industry Examples**: Companies operating in the information security industry include Mimecast, IWall, and CyPeace.

## FAQs
### Q: What is the main goal of information security?
A: The main goal of information security is to protect information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. It achieves this by mitigating risks to information assets.

### Q: What are the core principles of information security?
A: The core principles, often called the "CIA Triad" and its extensions, are confidentiality (ensuring data is accessible only to authorized users), integrity (maintaining the accuracy and completeness of data), and availability (ensuring authorized users have access to data when needed). Other key principles include authenticity and non-repudiation.

### Q: What is the difference between information security and cybersecurity?
A: Information security is a broad field covering the protection of all information assets, whether in physical or digital form. Cybersecurity is a specialized part of information security that focuses specifically on protecting information on connected systems, such as computer systems and networks, from digital threats.

## Why It Matters
Information security is critical in the modern world because information is a vital asset for nearly every individual and organization. It provides the framework and methods to protect sensitive data—from personal details and financial records to intellectual property and state secrets—from unauthorized access, use, disclosure, disruption, modification, or destruction.

The field addresses a vast spectrum of risks, not just malicious hacking. It involves managing physical security for documents, ensuring applications are built without vulnerabilities, securing cloud infrastructure, and protecting endpoint devices like laptops and phones. Without robust information security practices, businesses face financial loss, reputational damage, and legal penalties, while individuals are vulnerable to identity theft and privacy violations. As reliance on interconnected digital systems grows, the principles of information security become increasingly fundamental to maintaining trust, privacy, and operational stability in society.

## Notable For
- **Broad Scope**: Unlike more specialized fields, information security covers all forms of information, including physical documents and verbal communication, not just digital data on computer networks.
- **Foundational Principles**: It is defined by its core principles of confidentiality, integrity, and availability (the "CIA Triad"), which serve as the primary model for developing security policies and systems.
- **Parent Discipline**: Information security acts as an umbrella term for many other security fields. It provides the foundational risk management context for more technical specializations like cybersecurity, application security, and cloud security.
- **Risk-Based Approach**: Its central focus is on mitigating "information risks," making it a strategic management function rather than a purely technical one. It involves identifying assets, threats, and vulnerabilities to implement appropriate controls.

## Body
### ### Definition and Characteristics
Information security is formally defined as the practice of protecting information by mitigating information risks. It is a type of security specifically applied to information technology. The core characteristics it aims to preserve are:
*   **Confidentiality**: Preventing the disclosure of information to unauthorized individuals or systems.
*   **Data Integrity**: Maintaining and assuring the accuracy and completeness of data over its entire lifecycle.
*   **Data Availability**: Ensuring that information is accessible when needed by authorized parties.
*   **Authenticity**: Verifying that users are who they say they are and that data comes from a legitimate source.
*   **Non-repudiation**: Providing proof of the integrity and origin of data, making it difficult for a party to deny the origin of a message or action.

### ### Hierarchical and Relational Structure
Information security is a broad field with many sub-disciplines and related areas.

**Parent Fields:**
*   **Information Technology**: It is a subclass of the development, management, and use of computer-based information systems.
*   **Security**: It is a specific application of general security principles.
*   **Risk Management**: It is considered a part of risk management information systems.

**Sub-disciplines:**
*   **Cybersecurity**: Focuses on information security specifically for connected systems.
*   **Computer Security**: The protection of computer systems and networks from theft, damage, misuse, or data leak.
*   **Data Security**: The protection of digital data from destructive forces and unauthorized users.
*   **Application Security**: Measures taken to improve the security of an application.
*   **Cloud Security**: Policies and controls to protect data, applications, and infrastructure in cloud computing.
*   **Endpoint Security**: The security model for end-user devices like PCs, laptops, and mobile phones.
*   **Physical Information Security**: The protection of information assets against physical threats.
*   **Operations Security (OPSEC)**: Counterespionage safety procedures and practices.

### ### Associated Entities and Concepts
The field of information security encompasses various technologies, threats, and professional roles.

*   **Related Threats**: Specific security risks include "Juice jacking," a mobile security risk involving compromised charging ports.
*   **Related Practices**: A key practice is "hard drive destruction," the act of physically destroying storage devices to prevent information retrieval.
*   **Associated Technologies**: "Wireless Transport Layer Security" is a security protocol designed for the Wireless Application Protocol (WAP).
*   **Industry Organizations**: Companies specializing in information security include **Mimecast** (founded 2003), a UK-based IT company; **IWall**, a French IT company; and **CyPeace**, a Vietnamese cybersecurity company founded in 2023.
*   **Notable Professionals**: Numerous computer scientists and experts are associated with the field, including Joseph Steinberg, Raheem Beyah, Adam Stubblefield, and Harold Joseph Highland.

## Schema Markup
```json
{
  "@context": "https://schema.org",
  "@type": "Thing",
  "name": "information security",
  "description": "The practice of protecting information by mitigating information risks, ensuring its confidentiality, integrity, and availability.",
  "sameAs": [
    "https://en.wikipedia.org/wiki/Information_security",
    "https://golden.com/wiki/Information_security-GP38"
  ],
  "additionalType": [
    "http://schema.org/EducationalOccupationalProgram",
    "https://www.wikidata.org/wiki/Q185783"
  ],
  "alternateName": [
    "infosec",
    "sécurité des informations",
    "securite de l'information",
    "EDV-Sicherheit",
    "Sicherheit in der Informationstechnik",
    "Technischer Datenschutz",
    "情報セキュリティー",
    "電腦保安",
    "資安",
    "資訊保安"
  ]
}

## References

1. Freebase Data Dumps. 2013
2. YSO-Wikidata mapping project
3. BabelNet
4. Quora
5. [Source](https://golden.com/wiki/Information_security-GP38)
6. [OpenAlex](https://docs.openalex.org/download-snapshot/snapshot-data-format)
7. [Explore - Infosec Exchange](https://infosec.exchange/explore)
8. [Explore - Free Radical](https://freeradical.zone/explore)
9. [About - IOC.exchange](https://ioc.exchange/about)
10. Wikibase TDKIV