Information security has been around for as long as people have had private information they wish to protect. Codes and ciphers have been in use to encrypt and protect information for millennia.
As technologies for communication and information storage have advanced, so have those for securing and protecting that information. Still, methods for hacking information security systems seem to advance just as fast, compromising information storage. Identity theft and data breaches have become commonplace.
As a result, there is high demand for professionals with expertise in all areas of information security design and management. Those who also have education and experience in general management and leadership practices are in even higher demand.
The University of West Florida’s online Master of Business Administration (MBA) with an emphasis in Information Security Management provides students with a unique combination of expert knowledge and management skills.
What Is Information Security?
The U.S. Department of Commerce National Institute of Standards and Technology (NIST) defines information security as:
“The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity and availability.”
The concepts of confidentiality, integrity and availability (CIA) are central to information security.
Confidentiality: Restricted access to information.
Integrity: Accuracy and completeness of data.
Availability: Authorized users with access.
Safeguarding access through layered security systems involves the use of hardware and software to disguise data, block malicious hacking and limit access.
CIA systems and methods vary greatly due to the specific application and advancements in technology. Most systems are based on cryptology, which includes coding through encryption and decryption.
Multi-tiered user authentication is also central to information security. It requires proper authorization for all levels and layers of information access—logins and passwords, for example. It may also involve two-factor authentication services or physical identification through fingerprint or facial recognition.
Other strategies and systems are employed to block malicious, unsolicited access (firewalls) or to disguise and minimize the exposure of networks (proxy servers).
In essence, the purpose of all CIA principles and methods is to restrict access on a need-to-know basis. To be effective, these restrictions must be consistent across all access points. This includes information that is “in transit” (internal or external communications) or “at rest” (in-house data storage, employee computers, phones and external data centers).
Cybersecurity and Information Security: What’s the Difference?
The terms cybersecurity and information security are often used interchangeably. The purposes, principles and methods of these two concepts are similar and at times overlap. However, there are important differences related to the content for safeguarding and the technologies and practices involved.
The National Institute of Standards and Technology (NIST) defines cybersecurity as “the process of protecting information by preventing, detecting, and responding to attacks.” NIST defines information security as “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.”
Cybersecurity and information security share much in common. But “information” is a broad term, including analog — think paper records — and digital information. Information security deals with both. Cybersecurity focuses on digital information in the cyber realm.
Modern day cybersecurity is mostly concerned with data security. And all data does not count as information. For instance, a statistic without context is just a number, a piece of data. But when that data holds meaning in context, it becomes information. If that data is stored and communicated through modern technologies, its protection and management would also fall under cybersecurity.
This aspect of protecting digital information transmitted through information and communications technologies is at the intersection of information security and cybersecurity.
Cost of Data Breaches
Today’s business climate puts organizations at constant risk for cyberattacks. The financial impact of a data breach to a business, small or large, is significant. Here is a look at the numbers, according to IBM’s 2019 Cost of a Data Breach Report:
- $3.92 million: Average total cost of a data breach
- $8.19 million: Average cost of a data breach in the U.S.
- 25,575 records: Average size of a data breach
- $6.45 million: Average cost of a data breach in the healthcare industry
- $408: Average cost per record in a healthcare breach
The risk of security breaches also translates to a much higher than average projected growth in the field of information security. According to the U.S. Bureau of Labor Statistics, demand for information security analysts is projected to grow 32% from 2018 to 2028, much faster than the average of 5% for all occupations. BLS placed the 2019 median yearly salary for information security analysts at $99,730, with top earners making more than $158,000.
Through the advanced study of information security concepts, cybersecurity risk management and managerial leadership, information security professionals can find satisfaction in giving their companies peace of mind while enjoying the career opportunities and income potential available to them.