Information security
== Definitions ==
{{Main|Information security standards}}

Information security standards are techniques generally outlined in published materials that attempt to protect the information of a user or organization.<ref>{{Cite web |title=ITU-T Recommendation database |url=http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=9136}}</ref> This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including preventing or mitigating attacks. These published materials consist of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies.
[[File:CIAJMK1209-en.svg|alt=vectorial version|thumb|'''Information Security Attributes''': or qualities, i.e., [[Confidentiality]], [[Data integrity|Integrity]] and [[Availability]] (CIA). [[Information Systems]] are composed of three main portions: hardware, software and communications, with the purpose of helping to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: [[Physical information security|physical]], personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations.<ref name="Cherdantseva Y 2013">Cherdantseva Y. and Hilton J.: "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals". In: ''Organizational, Legal, and Technological Dimensions of Information System Administrator''. Almeida F., Portela, I. (eds.). IGI Global Publishing. (2013)</ref>]]

Various definitions of information security are suggested below, summarized from different sources:

# "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2018)<ref>ISO/IEC 27000:2018 (E). (2018). Information technology – Security techniques – Information security management systems – Overview and vocabulary. ISO/IEC.</ref>
# "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)<ref>[[Committee on National Security Systems]]: National Information Assurance (IA) Glossary, CNSS Instruction No. 4009, 26 April 2010.</ref>
# "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." ([[ISACA]], 2008)<ref>{{cite web|website=[[ISACA]]|year= 2008|title= Glossary of terms, 2008|url=http://www.isaca.org/Knowledge-Center/Documents/Glossary/glossary.pdf}}</ref>
# "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)<ref>Pipkin, D. (2000). ''Information security: Protecting the global enterprise''. New York: Hewlett-Packard Company.</ref>
# "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)<ref>B., McDermott, E., & Geer, D. (2001). Information security is information risk management. In Proceedings of the 2001 Workshop on New Security Paradigms NSPW ‘01, (pp. 97 – 104). ACM. {{doi|10.1145/508171.508187}}</ref>
# "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)<ref>{{cite journal |last1=Anderson |first1=J. M. |year=2003 |title=Why we need a new definition of information security |journal=Computers & Security |volume=22 |issue=4 |pages=308–313 |doi=10.1016/S0167-4048(03)00407-3}}</ref>
# "Information security is the protection of information and minimizes the risk of exposing information to unauthorized parties." (Venter and Eloff, 2003)<ref>{{cite journal |last1=Venter |first1=H. S. |last2=Eloff |first2=J. H. P. |year=2003 |title=A taxonomy for information security technologies |journal=Computers & Security |volume=22 |issue=4 |pages=299–307 |doi=10.1016/S0167-4048(03)00406-1}}</ref>
# "Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organizational, human-oriented and legal) in order to keep information in all its locations (within and outside the organization's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats."<ref>{{Cite journal |last=Gold |first=S |date=December 2004 |title=Threats looming beyond the perimeter |journal=Information Security Technical Report |volume=9 |issue=4 |pages=12–14 |doi=10.1016/S1742-6847(04)00129-6 |issn=1363-4127}}</ref>
# Information and information resource security using telecommunication system or devices means protecting information, information systems or books from unauthorized access, damage, theft, or destruction (Kurose and Ross, 2010).<ref>{{Cite journal |last1=Бучик |first1=С. С. |last2=Юдін |first2=О. К. |last3=Нетребко |first3=Р. В. |date=2016-12-21 |title=The analysis of methods of determination of functional types of security of the information-telecommunication system from an unauthorized access |journal=Problems of Informatization and Management |volume=4 |issue=56 |doi=10.18372/2073-4751.4.13135 |issn=2073-4751 |doi-access=free}}</ref>