Information Security

Information security is becoming one of the most important assets of the 21st century. Nowadays it takes a lot of effort to keep information safe and secure.

In this article, we explain some basics of information protection: its definition, principles, policies, and so on.

Information Security Definition

Information security means protecting our data from unauthorized access. It is the practice of preventing unwanted, unauthorized, illegal, or unlicensed access to data, and it is used to protect data from misuse, disclosure, destruction, modification, and disruption. Information can be physical or electronic.

Information security is also called InfoSec.

Information security vs. cybersecurity

Information security and cybersecurity are both associated with protection but cover different objectives and scopes, with some overlap. Information security is based on protection, covering cryptography, mobile computing, and social media.

Cybersecurity, by contrast, is based on addressing Internet-based threats and digital data. Additionally, cybersecurity provides coverage for fresh, unknown data while information security does not.

| Information Security | Cybersecurity |
| --- | --- |
| It deals with the protection of data and information. | It is all about protecting from cyber attacks. |
| It strives against unauthorized access, disclosure, modification, and disruption. | Cybersecurity strikes against cybercrimes, cyber frauds, and law enforcement. |
| It deals with information assets and with integrity, confidentiality, and availability. | It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. |

Information security principles

The principles of information protection are based on CIA, that is, confidentiality, integrity, and availability.


Confidentiality

As the name suggests, confidentiality means that only authorized persons are allowed to access the data. It is one of the basic elements of information protection. To ensure confidentiality, one needs to use all the techniques designed for security, such as a strong password or network security key, encryption, authentication, and defense against penetration attacks.


Integrity

Integrity means maintaining data in its correct state and preventing unwanted changes to it, whether accidental or malicious. There are many techniques for preventing data from being modified, and some tools can also protect data integrity.


Availability

Availability is related to confidentiality: we make sure that data is not accessible by unauthorized persons, while authorized persons can easily access it.

Availability in information protection involves balancing network and computing resources to support data access and implementing a more suitable policy for emergency recovery purposes.

Information security policies

Information System policies are a set of guidelines, rules, and procedures established by an organization to govern the use, management, and security of its information systems. These policies are essential for ensuring the confidentiality, integrity, and availability of information, as well as compliance with legal and regulatory requirements. Here are some common types of Information System policies:

  1. Acceptable Use Policy (AUP):
    • Defines acceptable and unacceptable use of an organization’s information systems, networks, and resources.
    • Outlines the consequences of violating the policy.
  2. Data Classification Policy:
    • Categorizes data based on its sensitivity and importance.
    • Specifies the security controls and handling procedures for each data classification level.
  3. Information Security Policy:
    • Establishes the overall framework for securing an organization’s information assets.
    • Addresses issues such as access controls, encryption, authentication, and incident response.
  4. Password Policy:
    • Sets guidelines for creating and managing passwords to ensure strong authentication.
    • Defines password complexity, expiration, and change requirements.
  5. Network Security Policy:
    • Defines rules and procedures for securing the organization’s network infrastructure.
    • Addresses issues such as firewalls, intrusion detection/prevention systems, and VPN usage.
  6. Incident Response Policy:
    • Outlines the procedures to follow in the event of a security incident or breach.
    • Describes roles and responsibilities during incident response.
  7. Backup and Recovery Policy:
    • Establishes guidelines for regular data backups and recovery procedures.
    • Defines the frequency of backups, storage locations, and testing procedures.
  8. Mobile Device Management (MDM) Policy:
    • Governs the use of mobile devices within the organization.
    • Addresses issues such as device security, data encryption, and acceptable use.
  9. BYOD (Bring Your Own Device) Policy:
    • Defines the rules and security measures for employees using their own devices for work.
    • Balances the benefits of employee flexibility with the need for security.
  10. Privacy Policy:
    • Outlines how the organization collects, uses, and protects personal and sensitive information.
    • Ensures compliance with privacy laws and regulations.
  11. Software Development Policy:
    • Establishes guidelines for secure software development practices.
    • Ensures that applications are designed and coded with security in mind.
  12. Remote Access Policy:
    • Defines the rules and security measures for accessing organizational resources remotely.
    • Addresses issues such as VPN usage, multi-factor authentication, and secure connections.

It’s important for organizations to regularly review and update their Information System policies to adapt to evolving technology, business requirements, and security threats. Additionally, employee awareness and training on these policies are crucial for their effective implementation.
