Views:814 | By: Benson In a nutshell, information security is the practice of protecting information by mitigating information risks.

These risks include; unauthorized access, use, disclosure, disruption, modification, inspection, recording and destruction of information.

To tackle these risks, three objectives are used namely CIA - Confidentiality, Integrity and Availability. Organizations should stay up to date and respond to CIA threats in a timely manner.

These three questions help in analyzing and coming up with the right strategies;
1. What are the threats to information security?
2. Which of these threats are most serious?
3. How frequently are these threats observed?

The good thing about these questions is there are resources online providing updated information on them. They include; Attacks as presented in CAPEC website @ capec.mitre.org and Top 10 Application Security Vulnerabilities as presented at owasp.org.


The take away is if your organization is able to train/create awareness among employees and come up with policies to handle the information security threats then your health should get and stay better with time.