Information Security Basics

Information security (InfoSec) focuses on protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction.

The CIA Triad

A core concept in security is the CIA triad:

  • Confidentiality – ensuring that information is only accessible to authorized people.
  • Integrity – making sure data is accurate and has not been changed in an unauthorized way.
  • Availability – ensuring systems and data are accessible when needed.

Key Terms

Some important terms used in information security:

  • Asset – anything of value, such as data, systems or people.
  • Threat – something that can cause harm, for example an attacker or a natural disaster.
  • Vulnerability – a weakness that may be exploited by a threat.
  • Risk – the combination of the likelihood of a threat and its impact.

Reference

For more details about fundamental concepts, see the NIST Cybersecurity Framework.