Information security

Protecting information by mitigating risk / From Wikipedia, the free encyclopedia


Information security, sometimes shortened to InfoSec,[1] is the practice of protecting information by mitigating information risks. It is part of information risk management.[2][3] It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.[citation needed] It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge).[4][5] Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the "CIA" triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.[6] This is largely achieved through a structured risk management process that involves:

  • Identifying information and related assets, plus potential threats, vulnerabilities, and impacts
  • Evaluating the risks
  • Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them
  • Where risk mitigation is required, selecting or designing appropriate security controls and implementing them
  • Monitoring the activities and making adjustments as necessary to address any issues, changes, or improvement opportunities[7]

To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth.[8] This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed.[9] However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continual improvement is not adopted.[10]
