The Basics of Information Security

Understanding the Fundamentals of InfoSec in Theory and Practice
2011, Pages 1-16

Chapter 1 - What is Information Security?

https://doi.org/10.1016/B978-1-59749-653-7.00001-3

Publisher Summary

Information security is vital in an era in which data regarding countless individuals and organizations is stored in a variety of computer systems, often not under their direct control. It is important to remember that security and productivity are often diametrically opposing concepts, and that being able to point out exactly when people are secure is a difficult task. This chapter covers some of the most basic concepts of information security. It discusses the tension between security and productivity; models that are helpful in discussing security concepts, such as the confidentiality, integrity, and availability (CIA) triad and the Parkerian hexad; and the basic concepts of risk and the controls used to mitigate it. Lastly, the chapter covers defense in depth and its place in the information security world. Defense in depth is a particularly important concept in information security. To build defensive measures using this concept, multiple layers of defense are put in place, each giving an additional layer of protection. The idea behind defense in depth is not to keep an attacker out permanently but to delay the attacker long enough for the attack to be noticed and for a more active defense to be mounted.
