Definition: Information Security, or INFOSEC, is a term that directly relates to providing for the confidentiality, integrity and availability of all digital resources in a business or organization. A framework for INFOSEC was pioneered by the British (7799) and followed up upon with the ISO 17799 security model. The older standards are now evolving into ISO 27000 and include a very comprehensive approach to maintaining digital resources in a safe and responsible manner. Concern over protection of the digital processing infrastructure is now virtually global. Providing for the confidentiality, integrity and availability of digital assets is essential to information assurance.
Its Relevance: A significant amount of commerce, research and finance is conducted online and in an asymmetric threat environment. Emerging are more sophisticated threats against data processing systems and potential litigation against organizations that fail to practice due diligence in locking down and protecting digital assets. An organization can be significantly damaged unless assuring information is a high priority. Securing information is significantly related to the protection of the critical national infrastructure.