Information security (INFOSEC) is the preventive protection of personal and corporate information and is focused on critical business processes. Such protection applies equally to persons, companies, systems and processes and is achieved through integrity, availability, confidentiality, bindingness, verifiability and authenticity. Information security is designed to prevent the loss, manipulation, unauthorized access, and corruption of data.
The basis for information security can be achieved through conceptual, organizational and operational measures. This includes the implementation of security-related principles of the company's information security policy, which defines the company's information security objectives and their realization. The identification and elimination of vulnerabilities and security gaps.
The problem areas of information security include all infrastructure components involved in data transmission and data processing, networks and end devices, corporate networks, the Internet and the complete application area including cloud computing. Therefore, application security and cloud security are also essential aspects of information security.
An important approach to information systems security is the British Standard BS 7799 and the ISO Standard 17799 as implementation guidelines. These two security standards are taken into account in the ISO 27001 security standard.