What is Information Security?
Information Security (Wikipedia Definition) is a broader term than IT Security or Internet Security or Enterprise Data Security.
Information Security encompasses data stored in digital fashion (electronic format), trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance & standards established within the organization, plans and budgets, financial & management data, brochures, images, logo and designs, employee information and so on and so forth.
Information Security includes the organization's policy on IT Security, Internet Security, Enterprise Data Security, etc. In other words, it is about protecting information and information systems from anyone, including employees, consultants, suppliers, customers and, of course, malicious hackers.
However, people often confuse Information Security with IT Security. IT Security is more concerned with protecting an organization's hardware, software and network from the perils of disaster and external attacks (through viruses, hacking, etc.). It has more to do with electronic data and is covered in the organization's IT Policy, whereas the Information Security Policy goes beyond the network and applies to the organization as a whole.
Internet Security (Wikipedia Definition), on the other hand, is more concerned with the internet architecture and covers the protection required during communication between two computers over the internet / intranet.
There is also another school of thought emerging, which claims that Information Security is about securing information in the broadest sense. Information Security should be governed by executive management through goals, strategies and, finally, policies. The technological side of things is left to specialists and includes physical security, logical security, HR and information management. Corporate governance and internal control are key to success.