What is Information Security? CIA Explained

Information Security

Information Security (Infosec) is the practice of protecting information from unauthorised access, alteration, or loss by ensuring its Confidentiality, Integrity, and Availability (CIA). It forms the backbone of standards like ISO 27001, balancing people, processes, and technology to secure data across digital environments.

What is Information Security?

Information Security (infosec) is a term used to describe a state where all valuable information is protected from unauthorised use. When considering personal data, GDPR explicitly refers to the risks that surround the Confidentiality, Integrity, and Availability (CIA) of that data.

Confidentiality means that anybody that does not have the authorisation to see a particular piece of information, cannot get access to it, for example during a data breach. Integrity means that the information cannot be tampered with in any way. And Availability means that those that need access can always get it without, for example, an unethical hacker restricting or holding the information to ransom.

CIA is also commonly used when evaluating risks within an ISO 27001 standard framework for information security management. ISO 27001:2013 considers people, process, and technology, and the policies and controls needed across those three areas in order to secure an organisations information assets.

Mike Jennings

Mike is the Integrated Management System (IMS) Manager here at ISMS.online. In addition to his day-to-day responsibilities of ensuring that the IMS security incident management, threat intelligence, corrective actions, risk assessments and audits are managed effectively and kept up to date, Mike is a certified lead auditor for ISO 27001 and continues to enhance his other skills in information security and privacy management standards and frameworks including Cyber Essentials, ISO 27001 and many more.

We’re a Leader in our Field