





So, what is information security? Well, it deals with
the confidentiality, integrity and availability of information, whether it is
stored on a computer, written on paper, transmitted over the Internet or even
spoken to the person beside you. The confidentiality aspect involves ensuring
that only those who are authorised to access data are able to do so.
Integrity means ensuring that you are able to confirm that data has not been
modified without authorisation or accidentally corrupted. Availability deals
with ensuring that data is always available to authorised users when it is
needed.
Together, these three elements ensure a secure system, be it a computer, a
credit card or an entire organisation.
The vulnerability of information depends on its state, whether it is in storage
or in transit. A lot of information stored on computer systems is sensitive.
This could include company finances and payroll data, sales and customer lists,
in-house applications and credit card or banking details. This information can
be attacked by hackers, who attempt to bypass security systems, by malicious
software, such as computer viruses, and by system failures. Despite best
intentions, information can also be accidentally modified or corrupted. Things
that can happen to stored information include:
- Information access or modification without authorisation
- Data corruption (either accidentally or intentionally)
- Denial of access to applications or files
- Deletion of applications or files (either accidentally or intentionally)
When information is transmitted, it is also vulnerable. Data can be intercepted
by accident, e.g. an e-mail might be read by an unauthorised user on an
unattended PC, or delivered to the wrong recipient. Things that can happen to
information in transit include:
- Data can be intercepted deliberately
- Data can be deleted, added to or altered
- The apparent origin of the data can be forged
- Previously transmitted or stored data can be used again, out of context
- An acknowledgement can be falsified
- Errors can occur in transmission
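As an added example (not part of the original page), the Python code below shows how a receiver can detect three of the in-transit problems listed above: altered data, a forged origin and data that is replayed out of context. It assumes the sender and receiver already share a secret key; the key, the message layout and all names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-real-use"  # shared secret, constructed for this example


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prefix a sequence number and append an HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts each authentic message once, in increasing sequence order."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, message: bytes) -> str:
        if len(message) < 8 + 32:
            return "rejected: truncated"
        body, tag = message[:-32], message[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; fails on alteration, transmission
        # errors, or a sender who does not hold the key (forged origin).
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted: " + body[8:].decode("utf-8", "replace")


def demo() -> list:
    rx = Receiver(KEY)
    genuine = seal(KEY, 1, b"pay 10 to alice")
    # Same length payload swapped in, original tag kept: integrity check must fail.
    altered = genuine[:8] + b"pay 99 to alice" + genuine[23:]
    # Sealed under a different key: the receiver cannot attribute it to the sender.
    forged = seal(b"some-other-key", 2, b"pay 10 to mallory")
    return [rx.accept(genuine), rx.accept(altered), rx.accept(forged), rx.accept(genuine)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

This check covers integrity and origin only; keeping intercepted data unreadable needs encryption as well. An acknowledgement can be protected in the same way by sealing it with the shared key.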
The Malicious Code section
explains computer viruses and other forms of
malicious code. The Content Security section deals
with issues surrounding the content of electronic communications (such as an
email message or attachment, downloaded files from the Internet, Chat messages
etc.). The Hacking & Fraud section gives an insight
into some of the methods used to attack systems.