In general, information security can be defined as the protection of data that owned by an organization or individual from threats and or risk. According to Merriam-Webster Dictionary, security in general is the quality or state of being secure, that is, to be free from harm. According to Oxford Students Dictionary Advanced, in a more operational sense, security is also taken steps to ensure the security of the country, people, things of value, etc. Schneier (2003) consider that security is about preventing adverse consequences from the intentional and unwarranted actions of others. Therefore, the objective of security is to build protection against the enemies of those who would do damage, intentional or otherwise. According to Whitman and Mattord (2005), information security is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.
The information security performs four important functions for an organization which is enables the safe operation of application implemented on the organization’s Information Technology (IT) systems, protect the data the organizations collects and use, safeguards the technology assets in use at the organization and lastly is protect the organization’s ability to function.
The information security also enables the safe operation of application implemented on the organization’s Information Technology (IT) systems. This is because to protect the data, the organization will applied or install the appropriate software that will secure the data such as antivirus and others protected applications. So, information security is very important in an organization to protect the applications that implemented in organizations and protect the data store in computer as well. Besides protect the data, the application installed also need to be protect because it can contribute to information lost or damages.
Information security will protect the data the organization collects and used. If the information is left unprotected, the information can be accessed by anyone. If the information falls into the wrong hands, it can destroy lives, dropping business and can also be used to do harm. Information security programs will ensure that appropriate information is protected both business and legal requirements by taken steps to protect the organizations data. In addition, taken steps to protect organizations information is a matter of maintaining privacy and will help prevent identity theft.
In an organization, information is important business assets and essential for the business and thus need appropriate protected. This is especially important in a business environment increasingly interconnected, in which information is now exposed to a growing number and a wider variety of threats and vulnerabilities. Cause damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and more sophisticated. So, by implemented the information security in an organization, it can protect the technology assets in use at the organization.
In term of protecting the functionality of an organization, both general management and IT management are responsible for implementing information security that protects the organization ability to function. Information is the most important element in organization to do business. Besides that an organization is kept their customers information, so it is crucial for them to protect the information. Without information, the business cannot be run. By secure the information store; it can enable the organization to run business as well. That’s why the information security is important in organizations.