What is Information Security?

Information security (INFOSEC) has managed to get a tremendous amount of attention in the past few years, even grabbing headlines in the mainstream media. Despite this attention, asking ten people what INFOSEC is will likely result in ten different answers. To some people, security is about keeping the bad guys out of their systems. To others, security is about elimination of all threats. To still others, security is about management of risk. Despite the presence of security in the mainstream consciousness, outside of the INFOSEC community, there still isn't much agreement about what exactly security means.

By 2004, annual expenditures on security products and services is expected by IDC to climb to over $17 billion. Yet with all of this spending, we see more security incidents taking place, and those incidents are becoming more expensive. Reality Research estimated that aggregate annual losses due to the single problem of viruses in 2000 climbed to over $1.5 trillion. The insurance industry has been looking seriously at this problem, with computer attack insurance packages up to $100 million being offered. Clearly, security--whatever it is--is important.