Information security (infosec) is the set of business processes that protects information assets regardless of how the information is formatted or whether it is being processed, is in transit or is being stored.
Information security is not a single technology; rather it a strategy comprised of the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Processes and policies typically involve both physical and digital security measures to protect data from unauthorized access, use, replication or destruction. Infosec management can include everything from mantraps to encryption key management and malware detection.
Infosec programs are important for maintaining the confidentiality, integrity and availability of IT systems and business data. Many large enterprises employ a dedicated security group to implement and maintain the organization's infosec program. Typically, the group is led by a chief information security officer (CISO).