Cryptography and Information Security
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management.
It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording or devaluation of information.
It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity.
This is largely achieved through a structured risk management process that involves:
Identifying information and related assets, plus potential threats, vulnerabilities and impacts;
Evaluating the risks;
Deciding how to address or treat the risks, i.e. to avoid, mitigate, share or accept them;
Where risk mitigation is required, selecting or designing appropriate security controls and implementing them;
Monitoring the activities, making adjustments as necessary to address any issues, changes and improvement opportunities.