The Three Pillars of Information Protection
Information protection is about reducing risk by building secure systems that eliminate or limit the security vulnerabilities that could be used to gain access to sensitive personal and business data. It also incorporates a variety of technological solutions, such as firewalls, antivirus, and encryption, to safeguard against the harm caused by theft or loss of information. This field is commonly referred to as InfoSec and has evolved into a highly specialized field that covers everything from infrastructure and network security to auditing and testing.
No matter the size or nature of the business, every business holds sensitive information. This can include names and credit card information, account information, Social Security numbers, employee records and other private information. These details can be used for identity theft or fraud and can be devastating to the image of a business.
A solid information security strategy is essential to shield a business from incidents and to ensure compliance with the law. It is important to remember that information security is built on three fundamentals: confidentiality, availability and integrity.
Confidentiality is about securing information from unauthorized disclosure and ensuring it is only accessible to those who have been authorized to access it. This can be accomplished through simple measures such as making sure that passwords are secure and regularly changed, using encryption so that information can only be read by those with the key, or utilizing messaging platforms that use encryption to protect your messages. Another aspect of protecting information, availability, is the ability to ensure that data is always available and can be restored in the event of a disaster or system failure. Backups and archives can help achieve this.