What is information security

Last updated: 2023-09-19

Information security deals with the protection of information in all its forms and throughout the entire information life cycle.

In all its forms means that information can be

  • digital (stored in an information system, software) or
  • printed on paper or
  • information and knowledge held only in one's mind

Throughout its life cycle means

  • from its creation,
  • through processing, storage and transmission,
  • until liquidation or disposal

The goal of information security is to reduce the risk of data being lost, misused, compromised or altered. It mainly concerns the most important data (so-called primary information assets), that is, the collections of data and information that are essential for your company, such as:

  • personal data stored in the HR application
  • printed contracts, overviews and reports that may be lying on the table
  • printed employment contracts that are in the files in the closet
  • accounts and login information stored in the browser
  • photos and other files stored on your computer
  • business or other information obtained in personal dealings

How to protect your information and data

The vast majority of information security threats are based on human frailty - it can be non-compliance with processes and principles, ignorance, loss of equipment or the intention to disclose information. Some of the information threats can be prevented by strict procedures and adherence to certain policies. Some information threats can be prevented by technical and IT measures.

1. Educate and increase the information literacy and awareness of your people about information threats

  • Only people educated about possible information threats can prevent them
  • Education and improving information literacy will help to eliminate a large part of unintentional errors, problems or accidents
  • Basic principles include recognizing suspicious e-mails, links, and checking confidential documents in the workplace
  • Awareness will also improve vigilance for possible theft of documents, computers or mobile phones in cars or other places
  • Only people following good habits and processes can prevent some security incidents
  • Include information about potential threats, frequent email tips, cyber attacks, or the importance of backups
  • Train employees and contractors in security awareness before giving them access to your information
  • Provide such training both to new employees (see employee onboarding) and, on an ongoing basis, to your current employees

2. Control your people's access to information

  • Limit employees' access to only the specific resources they need to do their jobs
  • You have to control who can go where
  • It is important to have access allocation under control both when an employee joins and when there are changes in their job classification
  • An employee's entry is important, and an employee's departure and the removal of all authorizations are no less important
  • Set up contractors and other freelancers with a temporary account that expires on certain dates, such as when their contracts end
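
The checks in this section, written out as a short access review (an added example, not part of the original article; the record fields, role names and sample accounts are constructed for illustration):

```python
from datetime import date

# Constructed sample data; every user, role and resource name is hypothetical.
ROLE_RESOURCES = {"hr": {"hr_app", "email"}, "sales": {"crm", "email"}}

def account(user, role, access, kind="employee", left_on=None,
            contract_end=None, expires=None, active=True):
    """Build one account record as an access review would export it."""
    return dict(user=user, role=role, access=set(access), kind=kind,
                left_on=left_on, contract_end=contract_end,
                expires=expires, active=active)

ACCOUNTS = [
    account("alice", "hr", ["hr_app", "email"]),
    # Changed job from HR to sales but kept the old HR access.
    account("bob", "sales", ["crm", "email", "hr_app"]),
    # Left the company, account was never disabled.
    account("carol", "sales", ["crm", "email"], left_on=date(2023, 8, 31)),
    # Contractor account created without an expiry date.
    account("dave", "sales", ["crm"], kind="contractor",
            contract_end=date(2023, 12, 31)),
]

def review_access(accounts, role_resources, today):
    """Return (user, issue) pairs for accounts that break the rules above."""
    findings = []
    for a in accounts:
        if not a["active"]:
            continue  # disabled accounts grant nothing
        if a["left_on"] is not None and a["left_on"] <= today:
            findings.append((a["user"], "departed but account still active"))
            continue  # everything else is moot until the account is removed
        extra = a["access"] - role_resources.get(a["role"], set())
        if extra:
            findings.append((a["user"],
                             "access beyond role: " + ", ".join(sorted(extra))))
        if a["kind"] == "contractor":
            if a["expires"] is None:
                findings.append((a["user"], "contractor account never expires"))
            elif a["contract_end"] and a["expires"] > a["contract_end"]:
                findings.append((a["user"], "account outlives the contract"))
    return findings

if __name__ == "__main__":
    for user, issue in review_access(ACCOUNTS, ROLE_RESOURCES, date(2023, 9, 19)):
        print(f"{user}: {issue}")
```

Run on a regular schedule against an export from the HR system and the directory, a review like this catches the joiner, job-change and leaver gaps listed above before they turn into standing access.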

3. Protect information from unauthorized people

  • Grant access to the given information only to authorized persons
  • Controlled access to systems or company premises

4. Back up your data so that you can restore it

  • Having properly backed up data is one of the basic information security measures
  • Paper documents are hard to back up; one solution is digitization
  • You can lose data not only as a result of a cyber attack, but also, for example, if you lose your computer
  • You can also lose paper documents as a result of theft

5. Watch your devices, computers, mobiles and documents

  • Keep an eye on your device and documents so that they are not lost or accessed by someone else
  • Lock your devices, have passwords, PINs, or other authentication set up on your devices to log in

6. Have a password policy in place

  • Use strong, unique passwords
  • A good password should be at least 8 characters long and contain both upper and lower case letters and numbers
  • Establish a password policy as a matter of course for your employees

7. Introduce other restrictive technical measures; they are necessary especially in large companies

  • Implement two-factor authentication that requires each user to provide additional identifying information in addition to a password
  • Install employee monitoring software to help reduce the risk of data breaches and intellectual property theft by identifying careless, disgruntled or malicious users