Governments, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Should confidential information about a business' customers or finances or new product lines fall into the hands of a competitor or a ‘black hat’ hacker, a business and its customers could suffer widespread, irreparable financial loss, as well as damage to the company's reputation.
The primary focus of information security is the balanced protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. These three objectives, known together as the CIA triad, are a core requirement for the safe utilization, flow, and storage of information.
This is largely achieved through a structured risk management process that involves:
1. Identifying information and related assets, plus potential threats, vulnerabilities and impacts;
2. Evaluating the risks;
3. Deciding how to address or treat the risks, i.e. to avoid, mitigate, share or accept them;
4. Where risk mitigation is required, selecting or designing appropriate security controls and implementing them;
5. Monitoring the activities, making adjustments as necessary to address any issues, changes and improvement opportunities.
Information security threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. For the individual, information security has a significant effect on privacy.
The field of information security has grown and evolved significantly in recent years. 3Si Risk Strategies offers services in many areas, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, electronic record discovery, and digital forensics.