Information Security means protecting your data and preventing unauthorized access from unauthorized persons. Information Security is used to preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The Information Security Forum (ISF) has published the Standard of Good Practice for Information Security, which is a practical and comprehensive, business-focused guide to identifying and managing information security risks in organizations. The standardization of Information Security took place due to collaboration between academics and professionals. They set basic policies and defined standards for factors such as password, firewall, encryption software, and antivirus software.
1. Lower the risk and the impact of an incident to your assets, being your assets: Data, systems, facilities,devices, processes, and personnel.
2. Ensure a high level of confidence in the availability, integrity and confidentiality of your asset.
3. Protection from malicious attacks on your network.
4. Prevents users from unauthorized access to the network.
5. Securing confidential information.
1. Usability, the more secure you try to make IT systems it becomes less user-friendly, you will need to find a balance.
2. Cost, the more security may mean more investment, try to make sense of the solution to be sure it makes sense and the cost is not higher than the asset you trying to protect.
3. People: more people need to be involved, especially important people within an organization.
4. Difficult to work with for non-technical users
5. Restrictive to resources