Information security is all about protecting information assets while making them available to legitimate users in reasonable time. Practically, the whole concept of information security planning and implementation revolves around attack threats and defense options, similar to military tactics and strategy. A threat is any probable harm (intentional or unintentional) that may exploit some vulnerability in a system. Possible defensive options must be analyzed and put in the form of controls to guard against threats.
The most important element in this war game of information security is the data that must be protected. Data in an organization includes all kinds of information about clients, business entities, products, financial capacity, state of projects, location/site plans, technical parameters, etc. In today’s environment, with data breaches are on the rise, it is important for enterprise executives to be concerned with safeguarding their data, assisted by their information security department. While technical implementation details can be left up to the information security department, executives must know how to best secure their data.