Informatics and security is a general term that can be used to cover all data, regardless of its form (electronic or physical) that needs protection. There are two major strands of information security.¹ IT security is sometimes called computer security. It is defined as information security applied to technology. IT security specialists are found in major businesses because the nature and value of data within large businesses is enormous. IT security specialists are responsible for keeping technology in a company secure from cyber attacks.
Information assurance is protecting data to ensure that it is not lost when systems fail. Systems may fail when there is a natural disaster, a server malfunctions, or there is physical theft of computer devices. One of the best ways to ensure data security is to have an off-site backup. Governments, military, corporations, financial institutions, and hospitals collect a huge amount of personal and sensitive information about their employees, customers, and other sensitive information. If this information is leaked, it could lead to personal or staff exploitation, fraud, theft, and confidential information leaks.
Protecting confidential information is a business requirement, sometimes required by law and always ethical. Hence, information security is an expanding industry, and there are many areas of specialization. Some of these areas include securing networks, securing applications and databases, security testing, information systems auditing, and digital forensics. One of the core principles of information security is the CIA triad (not to be confused with the Central Intelligence Agency). The CIA triad consists of confidentiality, integrity, and availability.² Some debate that other principles, such as accountability and legality, should be added to the principles of information security.² The Organization for Economic Cooperation and Development published nine accepted principles of information security. These are awareness, responsibility, response, ethics, democracy, risk assessment, security design and implementation, security management, and reassessment.³
1. Title 44 of the United States Code. Retrieved from http://www.law.cornell.edu/uscode/text/44
2. Perrin, Chad. (June 30, 2008). The CIA Triad. Retrieved from http://www.techrepublic.com/blog/it-security/the-cia-triad/
3. OECD. Retrieved from http://www.oecd.org/canada/