Related: Lecture 9-10. International information security approaches to the definition of the concept
Definition
Various definitions of information security are suggested below, summarized from different sources:
“Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved”.
“The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability”.
“Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)”.
“Information Security is the process of protecting the intellectual property of an organisation”.
“...information security is a risk management discipline, whose job is to manage the cost of information risk to the business”.
“A well-informed sense of assurance that information risks and controls are in balance”.
“Information security is the protection of information and minimizes the risk of exposing information to unauthorized parties”.
“Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organizational, human-oriented and legal) in order to keep information in all its locations (within and outside the organization’s perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats.
Threats to information and information systems may be categorized and a corresponding security goal may be defined for each category of threats. A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment.
The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability.”
Information and information resource security using telecommunication systems or devices means protecting information, information systems or books from unauthorized access, damage, theft, or destruction.