What is information security?

Information security, sometimes shortened to InfoSec, is the practice of protecting information from unauthorized access, misuse, exposure, destruction, modification, inspection or recording.

For any information, information security strives to maintain its:

  • Confidentiality
  • Integrity
  • Availability

CIA Traid

The CIA in CIA Triad stands for: Confidentiality, Integrity, and Availability. The CIA triad provides a security model to help people understand the important aspects of information security they are:

information security interview questions and answers



The term is closely related to privacy. Confidentiality means that access to confidential information must be restricted only to authorized people.

For example, keeping a client’s information only between you and client and not disclosing it to other employees is confidentiality.

To ensure confidentiality proper access control mechanism should be in place. File permissions should be set. Encryption can be done so that only the authorized person can decrypt it.


Integrity means the data in transit/rest is not modified and is accurate. Accuracy and consistency of data should always be maintained.

For example, when you send some data to client it should reach them as it is. If any other person is able to modify the contents and forwards it to the client then the integrity of the data is lost.

Integrity can be achieved by restricting access to sensitive data using access control lists. Encryption can also be done.


Availability means the data is always available and accessible to the right people at the right time. i.e When needed.

For example, when your hard disk crash, you don’t have access to the data in it. i.e. it is unavailable to you.

To ensure availability of resources we can rely on back-ups. Regular off-site back-ups can be taken.

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *