Information security is a new term for an old concept. The need to safeguard data from misuse or accident has been around at least since the days of Julius Caesar in 50 B.C. He used the so-called “Caesar Cipher” (a very simple code) to encrypt his military messages, and then tattooed the message on the shaven heads of slaves, so that it was hidden from view when their hair grew back.
That was an example of safeguarding the confidentiality of information: preventing the leak of data to people who are not authorised to know it. The other two aspects of information security are integrity (preserving the data from accidental or deliberate alteration), and availability (ensuring that the data remains available to legitimate users). Together these are known as the “CIA triad”, the cornerstone of information security.
It is important to note that data security does not only involve computer-readable information. Hard-copy information (such as your firm’s internal telephone directory or printer output left on the printer) also requires protection. So do audio recordings on a voice recorder or old-style cassette tape. Taken to its logical extreme, information security can even aim to safeguard ideas that are held in people’s heads and not recorded in any form (though exactly how to safeguard these might be a difficult question!).
However, fascinating as all this may be, information security is of more than academic interest. It can crucially affect people’s lives, though in different ways depending on their situation. For example, a business owner or director has a duty to ensure that all the firm’s assets (including information assets) are protected, and that all relevant legislation (such as data protection regulations or copyright laws) is complied with. Failure to pay due regard to data security could result in prosecution, or termination of the business. In a business context, there is more emphasis on the policies and procedures involved in safeguarding data, and on proving that one is doing so; this is often referred to as “information assurance” instead.
On the other hand, an agent of the state (whether in the civil service, the police or the military) may have access to a great deal of sensitive personal information on individual citizens, and has more potential to breach a person’s right to privacy. For this reason, the confidentiality aspect of information security should be taken very seriously in this situation, and breaches of confidentiality (such as the loss of an unencrypted laptop containing personal data) should not be tolerated.
From the point of view of a private individual, information security is more a case of ensuring the integrity and availability of your data. Perhaps the biggest data security threat for the home user is a major hard disk failure, which would certainly compromise the availability of the data (unless it has been backed up, of course!).
Even this quick look at information security has made it clear that the subject has several aspects, and is of major importance to everyone with access to data. It is a subject that can only grow in importance as the amount of data in the world increases exponentially, and for this reason, at least, it is important to gain a working understanding of what is involved in data security.