Information security is the practice of protecting information by mitigating information risks. It involves measures to prevent and mitigate impacts of unauthorized access, use, disclosure, disruption, deletion, destruction, corruption, modification, inspection, recording or devaluation of information assets.
Information assets take multiple forms, electronic or physical, tangible (such as paperwork) or intangible (such as knowledge). Information security’s primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organisation productivity. This is achieved through a structured information risk management process.