Given the strategic dependence on information and information technology by individuals, workgroups (teams), organizations, industries, nations, and society overall, it is imperative that the integrity of that information be maintained in all three states – during transmission, during storage, and during processing. Information (and information systems) security management is the process of ensuring the confidentiality, integrity, and availability of information (sometimes called the “CIA Triad”) whenever and wherever it is transmitted, stored, and processed. While perfect security is desirable, it is unfortunately unattainable. There are numerous active and passive threats to the security of information, as well as responses to these threats that must be adopted by individuals, teams, and organizations. Various technical and behavioral controls are used to counter these threats, but this article will focus on the behavioral controls.
Threat characteristics and threat examples are discussed below, as are the responses to such threats. Research findings support the importance of both internal and external threats, with internal threats demonstrating the greatest negative impact in most cases. Factors that contribute to individual compliance with security policies will be discussed, along with some discussion of the intentional violation of security protocols and policies by malicious individuals.