What is information security?

Information security is about protecting information assets from unauthorized access, disclosure, alteration, or destruction, using a mix of people, processes, and technology. It involves implementing policies, procedures, and controls to manage risk and to ensure confidentiality, integrity, and availability of information, no matter what form it takes. The description that best matches this scope is the one that defines information security as the practice, policies and principles to protect digital data and other kinds of information. It captures both digital and non-digital information and the organizational controls that guard them. The other options refer to data compression, a routing protocol, or physical security for buildings, which don’t address protecting information in its full context.