Why information security matters
INF001
Every organisation relies on the confidentiality, integrity, and availability of the information it processes, stores, and communicates.
Robust information security is a business enabler
Strong information security helps your organisation to:
- maintain the trust and confidence of the public, customers, and partners
- keep your important information safe and available to those who need it
- reduce the risks of your information being lost, damaged, or compromised
- avoid costs of recovery after an incident, as well as costs of downtime and lost productivity
- comply with regulation and legislation.
Threats and risks are increasing and evolving
Threats to the security of your information can come from inside and outside your organisation. Your information in all forms (for example, electronic, printed or spoken) needs to be appropriately protected. Information stored and processed on IT systems or mobile devices is vulnerable to cyber-specific threats.
We are far more exposed today than ever before.
- We have increasing quantities of electronic information, and organisations are often heavily dependent on it to function.
- We have cloud, social media, mobile, and other emerging technologies, which have increased the ways critical information can be accessed.
- We face increasing and continually evolving threats that make detection challenging.
External actors and disgruntled insiders have been known to:
- expose or publish sensitive information in the public domain
- encrypt and then ransom critical information
- sell information to competitors and interested parties
- steal intellectual property (IP)
- compromise organisations by destroying or denying access to records.
Your people may also accidentally compromise your information because they:
- lack awareness of your security practices and why they’re important
- get distracted or complacent while handling organisational information
- provide access to other parties seeking information for criminal or other inappropriate purposes. For instance, ‘social engineering’ attacks attempt to manipulate people into breaking normal security controls, often disguising themselves as someone trusted through phishing, pretexting, baiting, quid pro quo, and tailgating or other means.