How do you define Information security?

Submitted by Kai on Wed, 2007-06-27 08:00.

Recently, I posted a question on LinkedIn. I asked LinkedIn professionals and everybody else how they define Information security. The reason behind the question is simple - I meet a lot of people thinking I am an IT-security guy. And although I do know what a firewall is, and how to operate an IPS, I am an Information security specialist. To me, that means I deal with information - not only the technology we use to communicate.

Not surprisingly, many answers were in the technology-sphere:

  • I define it as the protection of the confidentiality, integrity and availability of sensitive data.
  • interpretation is the building of a Digital Infrastructure (D.I) to be able to authenticate and verify the real person versus an imposter.
  • the technological methods deployed by the intruders to hack this information versus technological methods used by you to protect this data

To me, technology is merely the tools we apply to get a part of the job done. So it is only important when the information itself resides in, or is communicated using, technology.

A few smart comments were made as well:

  • I'd rather clearly view the difference between information and disinformation.

Juri here points directly at one important feature of information security - the control of information, and the extension of using the same control to impact your environment. An example is from the spying business, where disinformation is used to create FUD. The same is applied by vendors in their sales process, making the customer uncertain about choosing the competitors' products.

Although disinformation is not widely focused upon in the industry, I find it very interesting and important. Not necessarily to use it, but to understand that others might be.

---

Not surprisingly, Bruce Schneier's definition surfaced, in Jennifer's wording:

Security is a defense against something intentional; Safety is a defense against something accidental.

My favorite is the definition made by Bruce Hallas. He will smile now!

"Security is about the management of commercial risk stemming from the interaction between people, both known and unknown, with an organization's information and information systems."

---

IMO, when security personnel cry about not getting heard by their management, I believe they are responsible themselves. The purpose of security is not security itself, but the control of risks related to the organization.


The blogger is Kai Roer, a European Information security professional.