Information security is the practice of preventing unauthorized access, use, disclosure, distortion, modification, research, recording or destruction of information. This universal concept applies regardless of the form that the data can take (electronic or, for example, physical). The main task of information security is a balanced protection of confidentiality, integrity and availability of data , taking into account the appropriateness of the application and without any damage to the performance of the organization . This is achieved primarily through a multi-step risk management process that identifies fixed assets and intangible assets, sources of threats, vulnerabilities, potential exposure and risk management capabilities. This process is accompanied by an assessment of the effectiveness of the risk management plan.