What is Information Security?
Information Security (infosec) is a term used to describe a state where all valuable information is protected from unauthorised use.
When considering personal data, GDPR explicitly refers to the risks that surround the Confidentiality,Integrity, and Availability (CIA) of that data.
Confidentiality means that anybody that does not have the authorisation to see a particular piece of information, cannot get access to it, for example during a data breach. Integrity means that the information cannot be tampered with in any way. And Availability means that those that need access can always get it without, for example, an unethical hacker restricting or holding the information to ransom.
CIA is also commonly used when evaluating risks within an ISO 27001 standard framework for information security management. ISO 27001:2013 considers people, process, and technology, and the policies and controls needed across those three areas in order to secure an organisations information assets.