What is Security.

Definitions of Information security.

In general, I don't like definitions of Information security. But in teaching what Information security is about, they are a useful tool. Most people who start in Information security have a limited view of what information security is, and this page aims to broaden your views on the bounderies of the Information Security domain.

Most students I got in my class room, chose the course in Information security because they are interested in hacking. So, my first task here is to show that unauthorised access is only a minute part of the Information security problem.

Here are some of the definitions I found on the Internet:

Security refers to all the policies, procedures and technical tools used for safeguarding information systems from unauthorized access, alteration, theft and physical damage.

Security is keeping anyone from doing things you do not want them to do to, with, or from your computers or peripherals.

The first definition, like most definitions of Information Security, uses enumeration of different aspects of the concept of Information security to explain what security is about. The problem with enumeration, however, is that you always leave something out. A standard question I ask my students is what is left out and how can you improve the definition. If you try you will be surprised how many different correct answers you get! Also notice, that this definition is circular: Just replace the word safeguarding with securing.

The second definition is much better if you like to define the boundaries of Information Security. However, it fails to give you any understanding of the different aspects of Information Security. Still, it is flawed as well! It does not include the loss of availability of your systems. And, it is actually a definition of Computer Security. Information security is just as important for information that is not on a computer or device. More on this later.