What is Information Technology Security?
Security is a basic human concept that has become more difficult to define and enforce in the Information Age. In primitive societies, security was limited to ensuring the safety of the group's members and protecting physical resources, like food and water. As society has grown more complex, the significance of sharing and securing the important resource of information has increased. Before the proliferation of modern communications, information security was limited to controlling physical access to oral or written communications.
The importance of information security led societies to develop innovative ways of protecting their information. For example, the Roman Empire's military wrote sensitive messages on parchments that could be dissolved in water after they had been read. Military history provides another, more recent example of the importance of information security. Decades after World War II ended, it was revealed that the Allies had gained an enormous advantage by deciphering both the German and Japanese encryption codes early in the conflict.
Recent innovations in information technology, like the Internet, have made it possible to send vast quantities of data across the globe with ease. However, the challenge of controlling and protecting that information has grown exponentially now that data can be easily transmitted, stored, copied, manipulated, and destroyed.
Within a large organization, information technology generally refers to the laptop and desktop computers, servers, routers, and switches that form a computer network, although information technology also includes fax machines, phone and voice mail systems, cellular phones, and other electronic systems. A growing reliance on computers to work and communicate has made the control of computer networks an important part of information security. Unauthorized access to paper documents or phone conversations is still an information security concern, but the real challenge has become protecting the security of computer networks, especially when they are connected to the Internet. Most large organizations have their own local computer network, or intranet, that links their computers together to share resources and support the communications of employees and others with a legitimate need for access. Almost all of these networks are connected to the Internet and allow employees to go "online."
Information technology security is controlling access to sensitive electronic information so only those with a legitimate need to access it are allowed to do so. This seemingly simple task has become a very complex process, with systems that need to be continually updated and processes that need to be constantly reviewed. There are three main objectives for information technology security: confidentiality, integrity, and availability of data. Confidentiality is protecting access to sensitive data from those who don't have a legitimate need to use it. Integrity is ensuring that information is accurate and reliable and cannot be modified in unexpected ways. Availability is ensuring that data is readily available to those who need to use it (Feinman et al., 1999).
Information technology security is often the challenge of balancing the demands of users against the need for data confidentiality and integrity. For example, allowing employees to access a network from a remote location, like their home or a project site, can increase the value of the network and the efficiency of the employee. Unfortunately, remote access to a network also opens a number of vulnerabilities and creates difficult security challenges for a network administrator.
Feinman, Todd; Goldman, David; Wong, Ricky; and Cooper, Neil. PricewaterhouseCoopers LLP, Resource Protection Services. Security Basics: A White Paper. June 1, 1999.