What is Information Security?

Information security means that the confidentiality, integrity and availability of information assets are maintained.

Confidentiality: This means that information is only used by people who are authorized to access it.

Integrity: It ensures that information remains intact and unaltered. Any changes to the information through malicious action, natural disaster, or even a simple innocent mistake are tracked.

Availability: This means that the information is accessible when authorized users need it.

Information Security Threats:

The most common types of information security threats are:
Theft of confidential information by hacking
System sabotage by hackers
Phishing and other social engineering attacks
Virus, spyware and malware
Social media: the fraud threat

Theft of Confidential Information:

One of the major threats to information security is the theft of confidential data by hacking. This includes theft of employee information or theft of trade secrets and other intellectual property (IP).

Theft of Employee Information

Employee information includes credit card information, corporate credit card information, social security number, address, etc. It also includes theft of healthcare records, as they contain personal information such as date of birth, address, and names of relatives.

Theft of Trade Secrets and other Intellectual Property (IP)

Technology from various verticals including IT, aerospace, and telecommunications is constantly stolen by outsiders or insiders (industrial espionage). China is a growing offender as it continues to advance in technology relying on theft of international trade secrets and IP.
Piracy/copyright infringement.
Corporate business strategies, including marketing strategies and product introduction strategies.

System Sabotage:

What is system sabotage? Planting malware on the networks of a target organization and generating an enormous amount of transaction activity, resulting in malfunction or crash of the system.
Who would perpetrate it? System sabotage is usually committed by disgruntled ex-employees and by remote cyber-attackers for no particular reason.

The most sensational case of system sabotage: One of the recent examples is the sabotage of Sony PlayStation.

Phishing:

Phishing is used to obtain confidential data about individuals (customers, clients, employees or vendors) that can be used to commit various types of identity fraud, such as:
Opening bank accounts in the victim's name
Applying for loans in the victim's name
Applying for credit cards in the victim's name
Obtaining medical services in the victim's name (e-death)

Other, more sophisticated kinds of social engineering attacks include spear-phishing. Spear-phishing targets specific individuals such as the AP manager, controller, or senior accountant to gain access to corporate bank accounts and transfer funds abroad.

Other threats include:
Smishing: Phishing via SMS (texting)
Vishing: Phishing via voice (phone)
Mobile hackin