Information that is sought to be protected by companies is typically categorized into different levels of confidentiality.  Confidentially pertains to the prevention of disclosing information to unauthorized individuals.  IT security therefore involves making sure that information is released not only to authorized individuals but to individuals who have been specifically authorized for such level of information. 

When information is designated as public, such is expected to be shared without restriction.  These information are presumed not to present any potential harm to its owners even when widely disseminated.  In general, there should be nothing to prevent the sharing of public information. 

Some information are categorized as sensitive.  Sensitive information is released in a controlled manner to a specific group or groups of people.  These people are typically on a need-to-know basis and those who have no business knowing should not get their hands on it.  Since these information are not completely private, there are bound to be some problems with control which is sought to be prevented by identity authentication and specific authorization measures. 

Information that requires the highest level of confidentiality are those categorized as restricted or highly confidential.  The improper disclosure of such information is expected to expose its owners to serious risks.  When restricted information is unnecessarily disclosed, the need for extensive damage mitigation may arise.  The information leakage also warrants investigation so that any further disclosure of information of the same nature will be avoided and prevented.  IT security highly depends on the people having access to critical information.