Introduction to Information Security

A gentle overview of why security matters when information lives on networked computers instead of in locked filing cabinets.

The Networked World

Modern networks connect computers across countries and continents. This global reach is powerful: people and organizations can exchange information almost instantly, regardless of geography or time of day.

That convenience comes with risk. When information is stored and shared electronically, it can be copied, altered, or destroyed by people who never set foot in the building—and who might not even live in the same country. Attackers can also create new files, run programs, and try to hide all traces of their activity.

Key idea: Networked information is easier to access and therefore easier to misuse than paper locked in a cabinet.

Basic Security Concepts

Information security is often summarized with three core properties, plus a set of concepts that describe how people safely use systems.

Core properties

Confidentiality, Integrity, Availability

Confidentiality

Confidentiality means that only authorized people can read the information. When someone else can see or copy it, confidentiality is lost. Research data, financial plans, medical records, and tax information are examples where privacy may be required not only by ethics but also by law.

Integrity

Integrity means that information is trustworthy and has not been changed in an unauthorized way. Accidental errors or deliberate tampering that alter data count as integrity failures. This is especially critical for safety and financial systems, such as air traffic control or electronic fund transfers.

Availability

Availability means that people who are authorized to use information can actually get to it when they need it. Deleted files, crashed servers, or overloaded services can all cause a loss of availability. For many service businesses, this is the most visible security problem—customers experience it as systems being "down." When a service is intentionally overwhelmed so that no one can use it, this is called a denial of service.

People and access

Authentication, Authorization, Nonrepudiation

To keep information both usable and protected, systems must know who a user is and what they are allowed to do.

  • Authentication is the process of proving identity, often using something you know (a password), something you have (a token or smartcard), or something you are (a fingerprint or other biometric trait).
  • Authorization is deciding what an authenticated user is allowed to do—such as reading a file or running a program.
  • Nonrepudiation means that actions can later be tied back to whoever performed them, so the person cannot credibly deny having done so.

When these concepts work together, users can trust that the information they depend on is private when it should be, accurate when it matters, and available when they need it.

What Can Happen in an Insecure Environment

On an insecure network, it is surprisingly easy for intruders to gain access and difficult for defenders to spot them. Even a single poorly protected computer can become the weak link that exposes an entire organization.

Attackers often start by gathering seemingly harmless details—such as what software is installed, how systems are configured, which network connections are used, and how people log in. Combined, this information can reveal paths into critical systems.

If they succeed, intruders may be able to view sensitive records, alter key files, steal personal data, or run their own programs. The results can range from mild inconvenience to serious harm:

  • Lost staff time and productivity while systems are repaired.
  • Financial losses or missed business opportunities.
  • Damage to an organization’s reputation or ability to compete.
  • Legal consequences when private information is exposed.
  • For individuals, risks such as identity theft or misuse of medical and financial records.

Because no sector is exempt—from banks and hospitals to universities and utilities—awareness and basic protective measures are essential for everyone who connects to the internet.