This present work addresses a research under the exploratory qualitative character, where information security and the principles that govern the security of third party data within an organization are addressed in the sense that information becomes an asset and that the types of vulnerabilities (as well as their negative effects), with information leakage being factors of premeditated attention. Information security is a subject that needs to be taken care of by independent professionals and organizations that use the data of different users as their main business tool. One of the principles that information security brings to measure the value of information is that public, private and tertiary sector entities understand a way to have this information as one of their assets. The mechanisms that entities must use in information security is to take into account the collection of data on norms, decrees, laws, current security policies.