Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. The field is multidisciplinary and may include aspects of communications engineering, cryptography, computer science, information technology security, and organizational security.
The central principle of information security is confidentiality (keeping information secret). An attacker or other entity may be eavesdropping on your communications or trying to access sensitive data you are sending over a network. Information systems come under attack from both internal and external sources. While external threats are usually easier to detect and eliminate, they can still cause serious damage to an organization's reputation.
A major objective of information security is protecting vital information — whether in transit or at rest — against threats like hackers and viruses. If this isn't done properly, attackers can steal data or destroy systems that contain confidential information. They can also disrupt operations by causing system crashes or denial-of-service attacks.
