What is information security (InfoSec)?
Safeguard sensitive information across clouds, apps, and endpoints.
Key elements of information security
InfoSec comprises a range of security tools, solutions, and processes that keep enterprise information secure across devices and locations, helping to protect against cyberattacks or other disruptive events.
Policies, procedures, tools, and best practices enacted to protect applications and their data.
Policies, procedures, tools, and best practices enacted to protect all aspects of the cloud, including systems, data, applications, and infrastructure.
An algorithm-based method of securing communication meant to ensure only intended recipients of a specific message can view and decipher it.
A method to reestablish functional technological systems in the wake of an event like a natural disaster, cyberattack, or another disruptive event.
An organization’s plan for responding to, remediating, and managing the aftermath of a cyberattack, data breach, or another disruptive event.
Security that encompasses an organization’s entire technological infrastructure, including both hardware and software systems.
The process an organization takes to identify, assess, and remediate vulnerabilities in its endpoints, software, and systems.
Learn more about Microsoft Security
A comprehensive approach to security.
Information protection and governance
Help safeguard sensitive data across clouds, apps, and endpoints.
Microsoft Purview Information Protection
Discover, classify, and protect sensitive information wherever it lives or travels.
Information Protection blog
Learn about feature updates and new capabilities across Information Protection in the latest blogs.
Cybersecurity falls under the broader umbrella of InfoSec. While InfoSec encompasses a wide range of information areas and repositories, including physical devices and servers, cybersecurity only references technological security.
InfoSec refers to security measures, tools, processes, and best practices an enterprise enacts to protect information from threats, while data privacy refers to an individual’s rights to control and consent to how their personal data and information is treated or utilized by the enterprise.
Information security management describes the collection of policies, tools, and procedures an enterprise employs to protect information and data from threats and attacks.
An ISMS is a centralized system that helps enterprises collate, review, and improve its InfoSec policies and procedures, mitigating risk and helping with compliance management.
The independent entities of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed a set of standards on InfoSec, intended to help organizations across a broad range of industries enact effective InfoSec policies. ISO 27001 specifically offers standards for implementing InfoSec and ISMS.