Data security is the physical protection of data and encryption of data in storage. While Information security is the prevention of access, use, disruption and modification of information, such as processes, knowledge, user interface, etc.
There are two risks factors involved in protecting data and information:
Missing data or information, such as inability to trace where the data is stored
Human critical mistakes that can be broken down into three (3) categories:
Deliberately losing or disclosing data and information, such as theft, installing virus, etc., with the intent to cause harm
Deliberately losing or disclosing date and information, such as accessing unauthorized sites, snooping, etc., with no intent to cause harm
Inadvertent actions, such as accidental email, incorrectly sending billing information to wrong recipient, etc.
Data and information security is guided by the core components namely, Confidentiality, Integrity and Availability. This security model helps organization keep their confidential data and information protected from unauthorized access.
To learn more about Commercial Confidentiality, please proceed to the next topic.