Information security is typically defined as “the means to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.” For the last two decades, information security as practiced in most organizations has focused
primarily (if not exclusively) on the latter part of that definition—protecting “information systems”
rather than the information itself. Yet that is beginning to change. Symantec calls this new era Security 2.0.