What Does Information Systems Security Mean?
Information systems security, more commonly referred to as INFOSEC, refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity.
It also refers to:
- Access controls, which prevent unauthorized personnel from entering or accessing a system.
- Protecting information no matter where that information is, i.e. in transit (such as in an email) or in a storage area.
- The detection and remediation of security breaches, as well as documenting those events.
Techopedia Explains Information Systems Security
Information systems security does not just deal with computer information, but also protecting data and information in all of its forms, such as telephone conversations.
Risk assessments must be performed to determine what information poses the biggest risk. For example, one system may have the most important information on it and therefore will need more security measures to maintain security. Business continuity planning and disaster recovery planning are other facets of an information systems security professional. This professional will plan for what could happen if a major business disruption occurs, but still allow business to continue as usual.
The term is often used in the context of the U.S. Navy, who defines INFOSEC as:
COMPUSEC + COMSEC + TEMPEST = INFOSEC
Where COMPUSEC is computer systems security, COMSEC is communications security, and TEMPEST is compromising emanations.