Definition of Information Security

The U.S. National Information Systems Security Glossary defines "Information Systems Security" as the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

Three widely accepted elements of information security (mnemonic: "CIA") are:

  • Confidentiality
  • Integrity
  • Availability

Why is security important?

Many kinds of data must be kept confidential. Obvious examples include credit card numbers, Social Security numbers, and health records. Many of these records are protected by law — academic records by FERPA, health records by HIPAA, financial records by the GLB Act — and the University is subject to a variety of sanctions if the confidentiality of the records is breached.

The integrity of University data is also important. Academic, financial, and health decisions should be based on accurate information, not on data altered in someone's self-interest. Finally, information is not useful if it is not available. If the servers on which information is stored, or the network, fail to function because of malicious activity, data will not be available to intended users.

What does it mean to me?

Good information security means that your personal data are protected against theft and misuse and that the data you need to do your job are available and accurate. Maintaining security will require you to take some precautions to protect yourself and the institution.