What is Information Security? - Definition & Best Practices

Instructor: David Delony

David is a freelance writer specializing in technology. He holds a BA in communication.

In this lesson, you'll learn about the basic principles of information security and the best practices for keeping confidential information in your organization where it belongs.

Defining Information Security

Information security is the theory and practice of allowing access to information only to the people in an organization who are authorized to see it. While this includes access to information contained on computers, the concept is much broader than computers, encompassing all records under the control of an organization.

The concept originated with the U.S. Central Intelligence Agency as a way to make sure documents were safe from being altered or accessed by people who weren't supposed to be able to obtain them, especially classified information.

There are a few basic principles when it comes to information security.


One of the first basic principles is confidentiality. This simply means that information is not available to people who aren't authorized to view it. For example, in many companies information on how much employees are paid is kept secret. If an employee accessed the payroll records and found how much a colleague was paid, it would be a violation of the principle of confidentiality.


Integrity in the context of information security means that people can trust that the information in an organization hasn't been tampered with in some way. For example, the accounting department in a company needs to be sure that sales data, expense data and so on are accurate so they can generate quarterly financial statements. If a company was found to be falsifying financial data, it could be in serious trouble.


Availability means that people who are authorized to view data can do so when they need access. Since so much information is contained in computer systems, this means that IT departments have to make sure their systems are as reliable as possible.

In large enterprise organizations, mainframe computers, with their reliability and redundant components, have long been the gold standard for high availability systems. These machines can run for years without having to be taken down for maintenance.

Maintaining Information Security

Even though every organization these days stores data on computers, information security does not strictly deal with them. Information security is primarily a management phenomenon. Good information security starts from the top and is reflected in good IT policy. Organizations can't expect to simply rely on the IT department to maintain security. It's really the duty of everyone to make sure that information, both public and confidential, remains secure and reliable.

Effective information security means deciding who should have access to which information. One of the best practices is the principle of least privilege. This means that people should only have access to the information they need to do their jobs and no more.
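As an added illustration (not part of the original lesson), the following Python sketch shows a simple access review that applies least privilege: it compares what each person has been granted with what their job role needs. The role names, permission strings and users are constructed sample data, and review_access is a hypothetical helper.

```python
from dataclasses import dataclass

# Constructed sample data: the access each job role needs (assumption, not from the lesson).
ROLE_NEEDS = {
    "accountant": {"sales_data:read", "expense_data:read", "financial_statements:write"},
    "payroll_clerk": {"payroll_records:read", "payroll_records:write"},
    "sales_rep": {"sales_data:read", "sales_data:write"},
}

# Constructed sample data: user -> (role, access actually granted).
GRANTS = {
    "alice": ("accountant", {"sales_data:read", "expense_data:read",
                             "financial_statements:write", "payroll_records:read"}),
    "bob": ("payroll_clerk", {"payroll_records:read", "payroll_records:write"}),
    "carol": ("sales_rep", {"sales_data:read"}),
}

@dataclass(frozen=True)
class Finding:
    user: str
    role: str
    excess: frozenset   # granted but not needed: least-privilege violation
    missing: frozenset  # needed but not granted: availability gap

def review_access(role_needs, grants):
    """Compare each user's grants with their role's needs; return only mismatches."""
    findings = []
    for user, (role, granted) in sorted(grants.items()):
        # An unknown role justifies nothing, so every grant counts as excess.
        needed = role_needs.get(role, set())
        excess, missing = granted - needed, needed - granted
        if excess or missing:
            findings.append(Finding(user, role, frozenset(excess), frozenset(missing)))
    return findings

if __name__ == "__main__":
    for f in review_access(ROLE_NEEDS, GRANTS):
        print(f"{f.user} ({f.role}): revoke {sorted(f.excess)}, grant {sorted(f.missing)}")
```

In this sample, the accountant's read access to payroll records is flagged for removal, which is the confidentiality case described earlier, while the sales representative's missing write access shows up as an availability gap.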
