One approach is to consider three aspects of information security: Security attack – Any action that compromises the security of information owned by an organization. Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack