Information security is the protection of information from various threats in order to ensure the continuity of business processes, reduce business risk, and increase return of investment (ROI) and business opportunities. In designing an information system security system, there are aspects of information security that need to be considered. These aspects include:
Confidentiality
Aspects that guarantee the confidentiality of information or data and ensure information can only be accessed by authorized parties.
Integrity
Aspects that ensure data cannot be changed without the permission of the authorized party, maintain the completeness of information and guard against damage or other threats that can cause changes to the original information or data.
Availability
Aspects that ensure that data will be available when needed and ensure users can access information without interruption.
According to (Whitman & Mattord, 2011) information is one of the assets that is important to protect its security. Companies need to pay attention to the security of their information assets, information leaks and system failures can result in losses both on the financial side and the productivity of the company. Security in general can be defined as ‘the quality or state of being secure-to be free from danger’. Examples of information security overviews are as follows:
- Physical Security, a strategy that focuses on securing organizational members, physical assets, unauthorized access and the workplace from various threats including fire hazards.
- Personal Security, a strategy that focuses more on protecting the people in the organization
- Operation Security, a strategy to secure the ability of an organization or company to work without threat interference.
- Communications Security, a strategy that aims to secure information media and information technology.
- Network Security, a strategy that focuses on securing network equipment on organizational data.
Information security is protecting information from possible threats in an effort to ensure business continuity, reduce risk levels and accelerate or maximize investment decisions and business opportunities. The level of security on information also depends on the level of sensitivity of the information in the database, information that is not too sensitive the security system is not too strict while for highly sensitive information it is necessary to set a strict level of security for access to that information.