Every day the news media reports stories such as these:
Organizations use and store a lot of data to conduct their business operations. For many, information is one of their most important assets. Organizations use large and complex databases to keep track of customer product preferences, as well as manage the products and services that they offer customers. They also transfer information to other businesses so that both companies can benefit.
Organizations collect data for many reasons. Much of the data they collect is personal information, which can be used to identify a person. Personally identifiable information includes the following:
Based on media reports, security breaches appear to be growing both in number and in the severity of damage they cause to organizations. These breaches result in data that is lost, stolen, disclosed without permission, or rendered unusable. A security breach can damage an organization’s reputation, which may prompt customers take their business elsewhere. Following a breach, the organization may also have to pay fines and/or defend itself in court. If a security breach is particularly bad, an organization’s leaders can face criminal charges.
As noted, an organization that fails to protect its information risks damaging its reputation—or worse. Information security is the term that generally describes the types of steps an organization should take to protect its information.