ABSTRACT

Information security is such a wide-ranging topic that it can be rather difficult to define precisely what it is. So when it came time for me to try to define it for the introduction of this chapter, I was stuck for a long period of time. Following the recommendation of my wife, I went to the best place to find definitions for anything: the dictionary. I pulled up the Merriam-Webster dictionary online and came up with these entries:

Main Entry: in·for·ma·tion Pronunciation: Function: noun

And for security, my result was this:

Main Entry: se·cu·ri·ty Pronunciation: sikyur′i t ē Function: noun Inflected Form(s): plural -ties

1: the quality or state of being secure: as a: freedom from danger: SAFETY b: freedom from fear or anxiety c: freedom from the prospect of being laid off <job security>

2a: something given, deposited, or pledged to make certain the fulfillment of an obligation b: SURETY

3: an evidence of debt or of ownership (as a stock certificate or bond)

4a: something that secures: PROTECTION b (1): measures taken to guard against espionage or sabotage, crime, attack, or escape (2): an organization or department whose task is security

So even after looking up information security in this dictionary, I still did not have a good way to describe and explain what information security was. Considering that I have worked in information security for almost nine years now, it was a little unsettling to not be able to define, at the most basic level, what I really did. The greatest difficulty in defining information security is, to me, that it is a little bit like trying to define infinity. It just seems far too vast for me to easily comprehend. Currently, information security can cover everything from developing the written policies that an organization will follow to secure its information, to the implementation of a user’s access to a new file on the organization’s server. With such a wide range of potential elements, it often leaves those in information security feeling as if they are a bit of the “Jack of all trades and master of none.” To give you a better feeling of the true breadth of information security, we will cover some of the more common aspects of information security in brief. All of the facets that we cover in the next few paragraphs are discussed in more detail throughout the remainder of the book.