Security Basics (Part Four) INFORMATION SECURITY AND DATA PROTECTION

Posted by Thomas Davon on

Information security, also known as InfoSec, is a set of strategies for managing the processes, tools and policies needed to prevent, detect, document and counter threats to digital and non-digital information. Its responsibilities include establishing a set of business processes that protect information assets, whether the information is in electronic, paper or oral format. It is also responsible for protecting information that is being processed, is in transit or is held in a storage device.

Information security programs are built on the major objectives of the CIA triad: ensuring that the integrity, confidentiality, and availability of IT systems and business data are well maintained.

These core objectives are to protect information, such as Protected Health Information (PHI), against unauthorized access, use and disclosure. Only those with authorization are, and should be, given access to modify, use or have knowledge of PHI. Different organizations have their own stated information security policies and measures, and their own processes of implementation. However, these policies and measures must comply with the applicable state and national laws on information security. Every organization’s worth is based on its level of information; if an organization has a bank of information and does little or nothing to protect it, that information is seemingly valueless. Organizations’ information is always under threat from malware, phishing, ransomware and theft. Therefore, strong security measures must be in place to keep information from being accessed, used, modified or shared by unauthorized persons.

Organizations should not only have a security team to ensure the security of their information, but should also have an Incident Response Plan (IRP), which is used to contain and limit damage to information caused by any disaster.
