A lot of people may be seeing more and more of the word “InfoSec” without really putting it in its right context or grasping its meaning.

Short for “Information Security”, the term was first exclusive to the military, along with other words such as RECON and INTEL (all now used in IT parlance today).

In its simplest interpretation, the term InfoSec describes the process of securing information and information processing systems (yes, computers are in this category) from unauthorized access and disclosure (Confidentiality), modification (Integrity), or destruction (Availability). When refering to CIA, anyone in the Information Security business wouldn’t go for a definition of “Central Intelligence Agency”. Ensuring the Confidentiality, Integrity, and Availability is at the centre of the meaning of InfoSec.

There’s more to that however. InfoSec is now a catch-all word for all processes directly or indirectly linked to the CIA triad, such as Risk Management, Compliance, Business Continuity, digital forensics, etc.

So, i hope that next time, you’ll know what us Security people refer to, when we say something like “I need to do a RECON and gather INTEL on their INFOSEC policy”.