Protecting a business’s ability to do business, in an information age.
Information Security is much more than the shiny technology and software.
We live in an interconnected world where the ability to do business depends upon information systems.
We have multiple forms of data/systems/services:
Intellectual property and corporate strategy;
Internal staff data (HR and Payroll);
Customer/partner relationship data;
Personally identifiable and personally sensitive data.
These are stored across multiple local and cloud-based systems and databases.
These systems are accessible from desktops, laptops, mobile phones and tablets.
They are accessible over secure internal networks and/or insecure public Wi-Fi.
The systems interact with multiple cloud-based systems (many with questionable privacy policies) in data centres around the world.
They are accessible from anywhere in the world.
They depend upon multiple third-party service providers, across the globe.
So who is in control of your information?
What is Information Security?
The Security Triad makes an effort to capture the three pillars of security - Confidentiality, Integrity and Availability (CIA).
Confidentiality relates to preventing data being disclosed to unauthorised persons/systems (e.g. credit card details). We must ensure that data is stored and transmitted securely.
Integrity relates to assuring the accuracy and consistency of data. For example, if, when buying something from Amazon, I approve a payment of £100 but it turns into £1000 at the credit card processor, we have an issue with integrity.
Availability means that we want our data, systems and services to be available to the permitted users when needed. There is no point having loads of important information stored nicely and securely if the relevant/responsible people can't access it! If you lose your car keys, your car is no longer available to you. If your laptop gets a virus, your laptop is no longer available to you.
A fourth matter to be considered is Usability. If the technology, policies or processes make using the systems too complex or slow, then users will bypass the security measures.
The three elements (Confidentiality, Integrity and Availability) need to be balanced against Usability and tailored to the particular requirements of the organisation.
Every organisation is different. Thus the solutions and strategies will vary for each.