Skip to main content

We are temporarily waiving the GMAT/GRE requirements for all applicants. Apply now!

The Guiding Principles of Information Security

Information security has been around for as long as people have had private information they wish to protect. Codes and ciphers have been in use to encrypt and protect information for millennia.

As technologies for communication and information storage have advanced, so have those for securing and protecting that information. Still, methods for hacking information security systems seem to advance just as fast, compromising information storage. Identity theft and data breaches have become commonplace.

As a result, there is high demand for professionals with expertise in all areas of information security design and management. Those who also have education and experience in general management and leadership practices are in even higher demand.

The University of West Florida’s online Master of Business Administration (MBA) with an emphasis in Cybersecurity Management provides students with a unique combination of expert knowledge and management skills.

What Is Information Security?

The U.S. Department of Commerce National Institute of Standards and Technology (NIST) defines information security as:

“The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity and availability.”

The concepts of confidentiality, integrity and availability (CIA) are central to information security.

Confidentiality: Restricted access to information.

Integrity: Accuracy and completeness of data.

Availability: Authorized users with access.

Safeguarding access through layered security systems involves the use of hardware and software to disguise data, block malicious hacking and limit access.

CIA systems and methods vary greatly due to the specific application and advancements in technology. Most systems are based on cryptology, which includes coding through encryption and decryption.

Multi-tiered user authentication is also central to information security. It requires proper authorization for all levels and layers of information access—logins and passwords, for example. It may also involve two-factor authentication services or physical identification through fingerprint or facial recognition.

Other strategies and systems are employed to block malicious, unsolicited access (firewalls) or to disguise and minimize the exposure of networks (proxy servers).

In essence, the purpose of all CIA principles and methods is to restrict access on a need-to-know basis. To be effective, these restrictions must be consistent across all access points. This includes information that is “in transit” (internal or external communications) or “at rest” (in-house data storage, employee computers, phones and external data centers).

Cybersecurity and Information Security: What’s the Difference?

The terms cybersecurity and information security are often used interchangeably. The purposes, principles and methods of these two concepts are similar and at times overlap. However, there are important differences related to the content for safeguarding and the technologies and practices involved.

The National Institute of Standards and Technology (NIST) defines cybersecurity as “the process of protecting information by preventing, detecting, and responding to attacks.” NIST defines information security as “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.”

Cybersecurity and information security share much in common. But “information” is a broad term, including analog — think paper records — and digital information. Information security deals with both. Cybersecurity focuses on digital information in the cyber realm.

Modern day cybersecurity is mostly concerned with data security. And all data does not count as information. For instance, a statistic without context is just a number, a piece of data. But when that data holds meaning in context, it becomes information. If that data is stored and communicated through modern technologies, its protection and management would also fall under cybersecurity.

This aspect of protecting digital information transmitted through information and communications technologies is at the intersection of information security and cybersecurity.

Cost of Data Breaches

Today’s business climate puts organizations at constant risk for cyberattacks. The financial impact of a data breach to a business, small or large, is significant. Here is a look at the numbers, according to IBM’s 2019 Cost of a Data Breach Report:

  • $3.92 million: Average total cost of a data breach
  • $8.19 million: Average cost of a data breach in the U.S.
  • 25,575 records: Average size of a data breach
  • $6.45 million: Average cost of a data breach in the healthcare industry
  • $408: Average cost per record in a healthcare breach

The risk of security breaches also translates to a much higher than average projected growth in the field of information security. According to the U.S. Bureau of Labor Statistics, demand for information security analysts is projected to grow 32% from 2018 to 2028, much faster than the average of 5% for all occupations. BLS placed the 2019 median yearly salary for information security analysts at $99,730, with top earners making more than $158,000.

Through the advanced study of information security concepts, cybersecurity risk management and managerial leadership, information security professionals can find satisfaction in giving their companies peace of mind while enjoying the career opportunities and income potential available to them.

Learn more about UWF’s MBA with an emphasis in Cybersecurity Management online program.


Advances in Robotics and Automation: Basic Principle of Information Security

CISO Platform: Understanding the Difference Between Cyber Security & Information Security – CISO Platform

IBM: How Much Would a Data Breach Cost Your Business?

Infosec: Guiding Principles in Information Security

National Institute of Standards and Technology: INFOSEC

OSTechnical: What Are Information Security Principles?

U.S. Bureau of Labor Statistics: Information Security Analysts

Our Commitment to Content Publishing Accuracy

Articles that appear on this website are for information purposes only. The nature of the information in all of the articles is intended to provide accurate and authoritative information in regard to the subject matter covered.

The information contained within this site has been sourced and presented with reasonable care. If there are errors, please contact us by completing the form below.

Timeliness: Note that most articles published on this website remain on the website indefinitely. Only those articles that have been published within the most recent months may be considered timely. We do not remove articles regardless of the date of publication, as many, but not all, of our earlier articles may still have important relevance to some of our visitors. Use appropriate caution in acting on the information of any article.

Report inaccurate article content:

Request More Information

Submit this form, and an Enrollment Specialist will contact you to answer your questions.

  • This field is for validation purposes and should be left unchanged.

Or call 877-588-2502

Begin Application Process

Start your application today!

Or call 877-588-2502 877-588-2502

for help with any questions you have.