Sunday, 11 January 2009

Defining Information Security

According to Merriam-Webster’s online dictionary (www.m-w.com), information is defined as "knowledge obtained from investigation, study, or instruction, intelligence, news, facts, data, a signal or character (as in a communication system or computer) representing data, something (as a message, experimental data, or a picture) which justifies change in a construct (as a plan or theory) that represents physical or mental experience or another construct." Security is defined as "freedom from danger, safety; freedom from fear or anxiety."

If we put these two definitions together, we can come up with a definition of information security: measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities.

That definition encompasses quite a lot. It talks about all measures, whatever they may be, to prevent bad things from happening to knowledge, facts, data, or capabilities. We are also not limited to the form of the information. It might be knowledge or it might be capabilities. However, this definition of information security does not guarantee protection. Information security cannot guarantee protection. We could build the biggest fortress in the world and someone could just come up with a bigger battering ram. Information security is the name given to the preventative steps we take to guard our information and our capabilities. We guard these things against threats, and we guard them from the exploitation of a vulnerability.

Reference: Eric Maiwald, Network Security: A Beginner's Guide.

