What is Information Security? Why It’s Important, Job Outlook and More

Two-factor authentication, user permissions and firewalls are some of the ways to protect private information from outside sources.

Dr. Dennis Backherms, an information technology (IT) professional and associate dean of cybersecurity programs at Southern New Hampshire University (SNHU), defined information security as the protection of all information. “That information can be physical, such as a handwritten note, or digital, such as electronic medical records,” he said.

Backherms has dedicated his career to fortifying information systems against evolving cyber threats. His expertise spans government and private industry sectors, where he has focused on resolving cybersecurity challenges.

Due to the widespread usage of technology, the number of organizations needing protection from security threats has continuously grown. From large global corporations to small startups, anyone using technology to help run their business needs help to avoid security breaches.

If you're interested in working in the information security field, understanding what a cybersecurity degree is and how it can help may be a good place to start.

What Are the 3 Key Concepts of Information Security?

Information security, more commonly known in the industry as InfoSec, centers around the security triad: confidentiality, integrity and availability (CIA).

These principles, aspects of which you may encounter daily, are outlined in the CIA security model and set the standards for securing data:

1. Confidentiality limits information access to authorized personnel, like having a PIN or password to unlock your phone or computer.
2. Integrity ensures information can only be altered by authorized users, safeguarding the information as credible and presenting the organization or site as trustworthy.
3. Availability requires information to be accessible to authorized users any time they need it. To make this possible, systems need to be updated and software backed up.

"Cybersecurity professionals today are concerned more about insider threats and the human factor," said Backherms. "The human factor is considered the weakest link in any InfoSec program."

Implementing security controls no longer seems to be enough to protect data. Organizations need to ensure employees are trained properly on top of using software/hardware security controls.

Applying the CIA security model keeps information protected. With growing concerns over privacy and the security of confidential information of both individuals and corporations, companies are putting more resources toward cybersecurity.

“Most organizations never publish or make their data breaches known. Besides mitigating data loss, brand reputation is usually the number one concern for most large organizations, so we never hear of the most egregious breaches," said Backherms.

In fact, larger insurance companies have special policies that cover reputation to help mitigate brand damage should a breach be publicized.

What is an Example of Information Security?

Many organizations have recognized the importance of protecting private information from becoming public, especially when that information is sensitive. The Forbes Technology Council identified some of the top cybersecurity trends to keep an eye out for.

A few of the cybersecurity trends Forbes identified include:

• 5G vulnerabilities: With the new reality of remote work, the cloud and 5G have become necessary for many businesses. While 5G has many advantages, it may lead to more cyberattacks. The high speed that 5G brings to data transfer can allow hackers to go unnoticed, and it’s crucial for companies to implement higher security and roadblocks to access data.
• Ransomware cyberattacks: Companies may face ransomware attacks where their data and systems are held hostage in return for ransom. This type of cyberattack is believed to grow more this year and in the years to come. According to the Forbes Technology Council, professionals need to be well-positioned and ready to deal with untrustworthy sources.
• Synthetic identities: This type of fraud occurs when scammers develop a new persona using real and fake data in hopes of financially defrauding someone, taking their money or other assets. For example, companies may need to increase security to confirm job candidate identities to prevent these synthetic identities from coming through.

Jobs in Information Security

Interested in being a part of an information security team but unsure of where your skills could be best used? Exploring the different types of jobs available in in

formation security can help you find an IT occupation that not only interests you but will put your information security expertise to the test.

Some entry-level roles, according to the U.S. Bureau of Labor Statistics (BLS) and CyberSeek, include:

• Information security analyst: As an information security analyst, you'll keep up to date with the latest security and technology trends and inform upper management when updates are available to better protect sensitive information, according to BLS. Your duties could also include installing security programs and firewalls and periodically testing for weaknesses in the company’s systems. The median salary for this role in 2023 was $120,360, according to the BLS, and which projected a 33% growth in positions through 2033.*
  
  
• Incident and intrusion analyst: Intrusion analysts are responsible for administering security-related hardware and software pieces. They strategize and remain prepared for security threats before they can even begin working on the front line of an organization's security. Based on recent job listings, CyberSeek reported that intrusion analysts earned an average salary of $101,130 between September 2023 and August 2024.*
  
  
• IT auditor: An IT auditor’s role is to assist an organization in protecting its data and controls within its technology systems. You will work to identify weaknesses in the technology and create ways to prevent security threats. CyberSeek reported that IT auditors earned an average salary of $85,221 between September 2023 and August 2024.*
  
  
• Cybersecurity specialist: As a cybersecurity specialist, you will implement systems to ensure electronic information remains secure. You’ll monitor systems for signs of threats and vulnerabilities within an organization's tech systems. They also train others to know how to avoid and identify cybersecurity threats. CyberSeek reported that cybersecurity specialists earned an average salary of $88,149 between September 2023 and August 2024.*

There are many pathways you can take in the information security field, and these entry-level positions could be a starting point for your career in this field.

How Can You Build a Career in Information Security?

Information security is a growing field that needs knowledgeable IT professionals. A cybersecurity degree can provide the expertise needed to meet the demands of organizations that want to step up their security game.

Husband and wife David and Irina Roach '24G, earned their master's degrees in cybersecurity at SNHU as a strategic step in their careers. As working professionals juggling jobs and family responsibilities, they needed a program that allowed them to work at their own pace.

"It took us almost four years to get here," Irina said.

Their degrees provided them with practical, real-world skills that immediately applied to their careers. "She could literally read from the book, and the next day, she'd be saying something on one of her conference calls about it," David said.

For David, the degree was a way to pivot in his cybersecurity career after the COVID-19 pandemic led to the closure of the company he worked for. With his master's degree in hand, he felt prepared to re-enter the field.

"I'm looking forward to using this to advance my career in the direction I want to go," he said.

Whether you're looking to break into cybersecurity, grow within your current role or re-enter the field like David, earning your degree can assist you in building your career in information security.

When you're ready to start researching cybersecurity programs, consider if the program you're interested in is validated by the National Security Agency (NSA).

For example, the Bachelor of Science in Cybersecurity at SNHU became a validated program of study by the NSA in 2023. As a designated National Center of Academic Excellence in Cyber Defense (CAE-CD), SNHU met the federal government's strict criteria when it comes to excellence in cybersecurity education, said Jonathan Kamyck, a senior associate dean of STEM programs at SNHU.

Kamyck played a role in shaping cybersecurity education at SNHU, leading the development of the university's first competency-driven undergraduate cybersecurity program. He has experience working in the cybersecurity field as an information systems security manager (ISSM) for government defense contractors and consulting in IT and cybersecurity.

If working in information security interests you, here are some degrees you could consider:

• Associate of Science in Cybersecurity
• Bachelor of Science in Cybersecurity
• Bachelor of Science in Computer Science
• Bachelor of Science in Information Technology

You could also start with an online cybersecurity certificate if you want to get a feel for the field and build some important foundations. According to Cyberseek, not all cybersecurity-related job descriptions require candidates to hold a degree, so an 18-credit certificate program might just be enough to help you land an entry-level role.

As a college student, you may have an opportunity to participate in National Cyber League (NCL) competitions and practice solving challenges cybersecurity professionals encounter in their field. You may focus on areas such as password cracking, network traffic analysis and web app exploitation, according to NCL. These competitions allow you to apply your knowledge hands-on and showcase your skills. Recently, SNHU placed 4th out of over 500 colleges participating nationwide in the 2024 NCL competition.

Gaining hands-on experience in your education and beyond is helpful in the cybersecurity field. Many businesses find the skills of a computer or network systems administrator to be attractive, according to BLS. And professionals in those roles often need analytical, communication and problem-solving skills, BLS reported.

To further develop your skills and boost your qualifications, consider obtaining an industry-recognized certification, such as the CompTIA CySA+ cybersecurity analyst certification. Combining hands-on experience with a certification and/or a degree may increase your appeal to potential employers.

*Cited job growth projections may not reflect local and/or short-term economic or job conditions and do not guarantee actual job growth. Actual salaries and/or earning potential may be the result of a combination of factors including, but not limited to: years of experience, industry of employment, geographic location, and worker skill.

Alexa Gustavsen ’21 is a content facilitator and writer at Southern New Hampshire University. Based in New Hampshire, she completed her bachelor's in creative writing and English on campus at NH. Currently, she is pursuing her master's in marketing online at the university. Connect with her on LinkedIn.