information security [English]
n. (infosec, abbr.) ~ Policies, procedures, and other controls to protect data assets from unauthorized access, modification, disclosure, or other use to ensure data integrity, confidentiality, and availability.
- Wikipedia (†387 s.v. information security): Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).
- CNSS-4009 (†730 p.37): The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (†1736)
- Edgar 2004 (†694 p. 2): Fundamentally there are two types of security. The first type is concerned with the integrity of the data. In this case the modification of the records is strictly controlled. For example, you may not wish an account to be credited or debited without specific controls and auditing. This type of security is not a major concern in test and development databases. The data can be modified at will without any business impact. ¶ The second type of security is the protection of the information content from inappropriate visibility. Names, addresses, phone numbers and credit card details are good examples of this type of data. Unlike the protection from updates, this type of security requires that access to the information content is controlled in every environment. (†1582)
- ISACA Glossary (†743 s.v. information security): Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and non‐access when required (availability). (†1780)
- NIST 2011B (†415 p. 20): Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: (A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; (B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; (C) availability, which means ensuring timely and reliable access to and use of information. (Source: [SOURCE: Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA)]) (†518)
- NIST 2013 (†734 p. B-10): The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. [44 U.S.C., Sec. 3542] (†1833)