Information security is the securing of sensitive and proprietary information, such as personal and business identities, as they are processed through departments. An example is the processing of a credit card application through two or more job positions. It is the sensitive information that is being processed through various job tasks by different job positions, from input into the department until the credit card is mailed, the bank loan approved, or the retail account opened.

Information security involves a risk assessment to (1) trace a department's information process, (2) identify susceptibilities to theft in the process, (3) develop mechanisms to secure the process, (4) develop short- and long-term strategies for securing the process(es), and (5) implement the information security plan.