<Tr> <Td> <Ul> <Li> </Li> <Li> </Li> <Li> </Li> </Ul> </Td> </Tr> <Ul> <Li> </Li> <Li> </Li> <Li> </Li> </Ul> <P> Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information . It is a general term that can be used regardless of the form the data may take (e.g., electronic, physical). Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity . This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the effectiveness of the risk management plan . </P> <P> To standardize this discipline, academics and professionals collaborate and seek to set basic guidance, policies, and industry standards on password, antivirus software, firewall, encryption software, legal liability and user / administrator training standards . This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, and transferred . However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continual improvement isn't adopted . </P>

What is the primary purpose of information security (infosec)