The protection of information against unauthorized disclosure, transfer, modification or destruction, whether accidental or intentional; a system of administrative policies and procedures for identifying, controlling and protecting information.
The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use [McDaniel 94].
The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information the protection of which is authorized by executive order.
The result of any system of policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information whose protection is authorized by executive order or statute (ICS 1989).
The protection of automated information from unauthorized access (accidental or intentional), modification, destruction, or disclosure.
The process of protecting data from accidental or intentional misuse by persons inside or outside of an organization. Although information security is by no means strictly a technical problem, its technical aspects (firewalls, encryption and the like) are important. Information security is an increasingly high-profile problem, as hackers take advantage of the fact that organizations are opening parts of their systems to employees, customers and other businesses via the Internet.
Effective information security practices require executive management support, effective policies and procedures that are appropriate for the environment, staff training, risk assessment, employee awareness, appropriate and effective controls, and comprehensive audit and testing. The goal is to protect the agency’s critical missions by reducing risks, complying with laws and regulations, and ensuring business continuity, information integrity, and confidentiality. [Source: Practices Protecting Information Resources Assets on the DIR Web site]
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met.
The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.
Information security is the process of protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption (44 U.S.C § 3542 (b)(1) (2006), http://www.law.cornell.edu/uscode/html/uscode44/usc_sec_44_00003542----000-.html). The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration.