What is Information Security?
Information Security is the ongoing process of exercising due care and diligence to protect information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. It’s main objective is maintaining the information under the principles of Confidentiality, Integrity, and Availability.
- Confidentiality is the term used to prevent the disclosure of information to unauthorized parties.
- Integrity means that the information is maintained without modifications.
- In order to serve its purpose, the information needs to be available whenever it is needed.
UNESCO’s information systems and networks are an integral part of the Organization and are fundamental to its continued success. Substantial human resources and financial investments go into maintaining them and ensuring that they continue to evolve in order to meet the changing requirements of the Organization, both at HQ and in the field.
Inadequate information security and continuity is a substantial business risk that threatens not only important organizational assets, but also business processes critical to the continued operations of the Organization.
Information security is therefore vital. However, a good IT security system should aim to strike the right balance between the necessary security-related restrictions and users’ comfort.
Information Security is intended to support the protection, control, and management of the Organization’s information assets, which includes data and information that is stored in databases or on computers, stored in applications, transmitted across the internal and public networks, and stored on removable media.