Information system security refers to policies, procedures, and technical measures used to prevent unauthorized access, changes, theft, or damage to information systems. It is a discipline focused on protecting the confidentiality, integrity, and availability of information and information services. Users are advised to treat passwords like toothbrushes by not sharing them with others and changing them every few months.