Information & Security

Information security is the practice of defending information and information systems from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Because the law requires information to be trustworthy, the requirement of information security, including physical security, is paramount. While this is a general requirement, it is important to point out that most jurisdictions across the world have entire bodies of security legislation with their own requirements, including international co-operation in defence against terrorism, crime and the like, and which provide for lawful interception, monitoring and surveillance.

Key concepts in information security are ‘confidentiality’, ‘integrity’ and ‘availability’, known as the ‘CIA Triad’, where:

  • confidentiality means preventing the disclosure of information to unauthorised individuals or systems
  • integrity means maintaining and assuring the accuracy and consistency of information over its entire lifecycle
  • availability means that information must be accessible as and when it is needed by persons and systems authorised to access it

Broadly speaking, information security requires the assessment and management of numerous areas of an organisation’s functions and activities. These are:

  • information security and risk management
  • access control
  • security architecture and design
  • physical and environmental security
  • telecommunications and networking
  • cryptography
  • business continuity and disaster recovery
  • law, regulation, compliance and investigations
  • application security
  • operations security

Information security is paramount. In certain cases the law prescribes it. Without it, information cannot be trusted. Furthermore, it has a direct bearing on the duties of care and diligence, which can lead to legal liability even in the absence of statutory and common law.

Where information is required to be handled in a particular way, the relationship between information security and information types such as personal information (privacy) is critical. Deep knowledge of the requirements and experience in how to achieve the necessary outcomes is vital for maximising the value of information while minimising associated risks and costs. Information Legal has both the knowledge and the experience to provide advice and assist with hands-on practical project engagements.