What is Information Security? Why It’s Important, Job Outlook and More

Two-factor authentication, user permissions and firewalls are some of the ways to protect private information from outside sources.

Dr. Dennis Backherms, an information technology (IT) professional and associate dean of cybersecurity programs at Southern New Hampshire University (SNHU), defined information security as the protection of all information. “That information can be physical, such as a handwritten note, or digital, such as electronic medical records,” he said.

Backherms has dedicated his career to fortifying information systems against evolving cyberthreats. His experience spans government and private industry sectors, where he has focused on resolving cybersecurity challenges.

Due to the widespread usage of technology, the number of organizations needing protection from security threats has continuously grown. From large global corporations to small startups, anyone using technology to help run their business needs help to avoid security breaches.

If you're interested in working in the information security field, understanding what a cybersecurity degree is and how it can help may be a good place to start.

What Are the 3 Key Concepts of Information Security?

Information security, more commonly known in the industry as InfoSec, centers around the security triad: confidentiality, integrity and availability (CIA).

These principles, aspects of which you may encounter daily, are outlined in the CIA security model and set the standards for securing data:

1. Confidentiality limits information access to authorized personnel, like having a PIN or password to unlock your phone or computer.
   
   
2. Integrity ensures information can only be altered by authorized users, safeguarding the information as credible and presenting the organization or site as trustworthy.
   
   
3. Availability requires information to be accessible to authorized users any time they need it. To make this possible, systems need to be updated and software backed up.

"Cybersecurity professionals today are concerned more about insider threats and the human factor," said Backherms. "The human factor is considered the weakest link in any InfoSec program."

Implementing security controls no longer seems to be enough to protect data. Organizations need to ensure employees are trained properly on top of using software/hardware security controls.

Applying the CIA security model keeps information protected. With growing concerns over privacy and the security of confidential information of both individuals and corporations, companies are putting more resources toward cybersecurity.

“Most organizations never publish or make their data breaches known. Besides mitigating data loss, brand reputation is usually the number one concern for most large organizations, so we never hear of the most egregious breaches," said Backherms.

In fact, larger insurance companies have special policies that cover reputation to help mitigate brand damage should a breach be publicized.

What is an Example of Information Security?

Many organizations have recognized the importance of protecting private information from becoming public, especially when that information is sensitive. The Forbes Financial Council identified some of the top cybersecurity trends to keep an eye out for, including:

• Rise of AI: Artificial Intelligence (AI) had already become a key part of cybersecurity and a helpful tool to detect cyberthreats. According to Forbes, AI will be significant in analyzing real-time data to identify and respond to cyberthreats faster than a human-only team. It can also help organizations across industries by providing insights and improving supply chains.
  
  
• Increased Investment in Cloud Security: As more businesses begin moving to the cloud, protecting cloud environments is becoming a top priority. According to Forbes, in 2025, cloud security will be treated as its own focus, not just part of general cybersecurity. Stronger protections may be needed as more sensitive data and systems are moving into the cloud.
  
  
• A More Sophisticated Threat Landscape: Cyberthreats are growing more complex, with attackers using AI, social engineering and advanced malware against security defenses. These advanced cyberattacks may cause real-world harm or disruption, pushing governments and businesses to increase defenses.

Jobs in Information Security

Interested in being a part of an information security team but unsure of where your skills could be best used? Exploring the different types of jobs available in information security can help you find an IT occupation that not only interests you but will put your information security expertise to the test.

Some entry-level roles, according to the U.S. Bureau of Labor Statistics (BLS) and CyberSeek, include:

• Information security analyst: As an information security analyst, you'll keep up to date with the latest security and technology trends and inform upper management when updates are available to better protect sensitive information, according to BLS. Your duties could also include installing security programs and firewalls and periodically testing for weaknesses in the company’s systems. The median salary for this role in 2024 was $124,910, according to BLS, which projected a 29% growth in these positions through 2034.*
  
  
• Incident and intrusion analyst: Intrusion analysts are responsible for administering security-related hardware and software pieces. They strategize and remain prepared for security threats before they can even begin working on the front line of an organization's security.
  
  
• IT auditor: An IT auditor’s role is to assist an organization in protecting its data and controls within its technology systems. You will work to identify weaknesses in the technology and create ways to prevent security threats.
  
  
• Cybersecurity specialist: As a cybersecurity specialist, you will implement systems to ensure electronic information remains secure. You’ll monitor systems for signs of threats and vulnerabilities within an organization's tech systems. They also train others to know how to avoid and identify cybersecurity threats.

There are many pathways you can take in the information security field, and these entry-level positions could be a starting point for your career in this field.

How Can You Build a Career in Information Security?

Information security is a growing field that needs knowledgeable IT professionals. A cybersecurity degree can provide the expertise needed to meet the demands of organizations that want to step up their security game.

Husband and wife David and Irina Roach '24G, earned their master's degree in cybersecurity at SNHU as a strategic step in their careers. As working professionals juggling jobs and family responsibilities, they needed a program that allowed them to work at their own pace.

"It took us almost four years to get here," Irina said.

Their degrees provided them with practical, real-world skills that immediately applied to their careers. "She could literally read from the book, and the next day, she'd be saying something on one of her conference calls about it," David said.

For David, the degree was a way to pivot in his cybersecurity career after the COVID-19 pandemic led to the closure of the company he worked for. With his master's degree in hand, he felt prepared to re-enter the field.

"I'm looking forward to using this to advance my career in the direction I want to go," he said.

Whether you're looking to break into cybersecurity, grow within your current role or re-enter the field like David, earning your degree can assist you in building your career in information security.

When you're ready to start researching cybersecurity programs, consider if the program you're interested in is validated by the National Security Agency (NSA).

For example, the Bachelor of Science in Cybersecurity at SNHU became a validated program of study by the NSA in 2023. As a designated National Center of Academic Excellence in Cyber Defense (CAE-CD), SNHU met the federal government's strict criteria when it comes to excellence in cybersecurity education, said Jonathan Kamyck, a senior associate dean of STEM programs at SNHU.

Kamyck played a role in shaping cybersecurity education at SNHU, leading the development of the university's first competency-driven undergraduate cybersecurity program. He has experience working in the cybersecurity field as an information systems security manager (ISSM) for government defense contractors and consulting in IT and cybersecurity.

If working in information security interests you, here are some degrees you could consider:

• Associate of Science in Cybersecurity
• Bachelor of Science in Cybersecurity
• Bachelor of Science in Computer Science
• Bachelor of Science in Information Technology

You could also start with an online cybersecurity certificate if you want to get a feel for the field and build some important foundations. According to Cyberseek, not all cybersecurity-related job descriptions require candidates to hold a degree, so an 18-credit certificate program might just be enough to help you land an entry-level role.

---

---

As a college student, you may have an opportunity to participate in National Cyber League (NCL) competitions and practice solving challenges cybersecurity professionals encounter in their field.

You may focus on areas such as password cracking, network traffic analysis and web app exploitation, according to NCL. These competitions allow you to apply your knowledge hands-on and showcase your skills. In fall of 2024, SNHU placed 4th out of over 500 colleges participating nationwide in the NCL competition.

Gaining hands-on experience in your education and beyond is helpful in the cybersecurity field. Many businesses find the skills of a computer or network systems administrator to be attractive, according to BLS. And professionals in those roles often need analytical, communication and problem-solving skills, BLS reported.

To further develop your skills and boost your qualifications, consider obtaining an industry-recognized certification, such as the CompTIA CySA+ cybersecurity analyst certification. Combining hands-on experience with a certification and/or a degree may increase your appeal to potential employers.

*Cited job growth projections may not reflect local and/or short-term economic or job conditions and do not guarantee actual job growth. Actual salaries and/or earning potential may be the result of a combination of factors including, but not limited to: years of experience, industry of employment, geographic location, and worker skill.

---

Alexa Gustavsen ’21 is a content facilitator and writer at Southern New Hampshire University. Based in New Hampshire, she completed her bachelor's in creative writing and English on campus at SNHU. Currently, she is pursuing her master's in marketing online at the university. Connect with her on LinkedIn.