Information security: protection objectives and measures for the safety of information
What does information security mean?
The term information security describes the protection of information assets by ensuring the three protection objectives: confidentiality, availability and integrity. The information assets that need protection are, for example, software, data, processes, devices and clouds, but also personnel resources and other equipment. Even though an Information Security Act exists based on the ISO 27001 standard, there is no established, detailed information security concept that your company must follow. Instead, individual measures are developed following a risk-based approach: possible security incidents are assessed according to their probability of occurrence in your company, and an Information Security Management System (ISMS) is developed accordingly. For support you can appoint an external Information Security Officer.
The fundamental values of information security
The pillars of information security cover at least three protection objectives: the confidentiality, availability and integrity of information. They are defined as follows:
Possible security incidents
A security incident is an event that negatively affects the security of information. The first thing that companies usually think of is cybercrime. But information security is not solely threatened by criminal attacks – even your own employees can jeopardise it.
Natural disasters and defective systems also need to be taken into account. Security incidents therefore take many different forms, yet each one endangers, whether accidentally or wilfully, the core values of information security. By this definition, the following are examples of possible security incidents:
- Malfunctions or unusual behaviour of devices, malware detection
- Theft or loss of devices (e.g. laptops and computers), documents or data carriers (e.g. USB sticks)
- Passing on information (accidentally or wilfully), blackmail or coercion to reveal information
- Unauthorised or incorrect use of devices and software, misuse of permissions
- Falsification of data, use of unreliable information
- System failures due to external influences such as power outage, water damage, corrosion, fire or dust