information security


The protection of data against unauthorized access. Programs and data can be secured by issuing passwords and digital certificates to authorized users. However, a password only validates that a correct number has been entered, not that the person who entered it is the actual person it was issued to. Digital certificates and biometric techniques (fingerprints, eyes, voice, etc.) provide a more secure method (see authentication). After a user has been authenticated, sensitive data can be encrypted to prevent eavesdropping (see cryptography).

Authorized Users Can Be the Most Dangerous
Although precautions can be taken to authenticate users, it is much more difficult to determine if an authorized employee is doing something malicious. Someone may have valid access to an account for updating, but determining whether phony numbers are being entered requires a great deal more processing. The bottom line is that effective security measures are always a balance between technology and personnel management. See Parkerian hexad, information assurance, security scan, security audit, audit trail, NCSC, ICSA, access control, share-level security, user-level security and social engineering.

Face Recognition
Face recognition is one of the best ways to authenticate a person. This TrueFace system from Miros uses neural network technology to distinguish a face with different appearances, such as with and without glasses and changing hair styles. (Image courtesy of Miros, Inc.)