To start, I would like to explain what information security is
and why we need it.
Information Security is the act of safeguarding data from unauthorized access or
modification, whether accidental or intentional. As simple as this is to
say, it is definitely hard to achieve.
We all agree that since the early 90s
dependency on information systems has increased drastically, and today these
systems are an integrated part of our lives. I mean, who doesn't have a laptop, a
smartphone, an iPad? I remember seeing my 2-year-old daughter holding
"her" iPad, switching between applications and playing with the
animals on display.
As our reliance on technology and
information systems increases, the threat of personal and confidential
information loss also increases. Understanding information security and how it
is implemented and governed is the first step in the right direction.
Fundamental principles of Information Security:
As per definition: Information security is
the process of protecting information.
The three fundamental principles of
information security are the C. I. A:
Confidentiality
Confidentiality
is the concept of keeping private information away from individuals who should
not have access to it. Any time there is either an intentional or unintentional
release of information to unauthorized people, confidentiality is lost.
Confidentiality
ensures that private information is accessed by only those that have the
appropriate authorization to do so.
Example: Your Hotmail. Simple rule: no one should
read your emails except yourself. And of course the people you forward these
emails to!
Integrity
Integrity
is about data consistency. When you seek data and information from the
internet, are you certain that this information is true? You should be certain
that the data generated or used is not being incorrectly modified (tampered with) in
any way by authorized or unauthorized people.
Integrity
is preserved when information is complete, accurate, and valid. You should
prevent unauthorized people (hackers, thieves) from making modifications.
Example: Your Hotmail, when you receive email
messages saying that you have won the Singaporean lottery, or that you inherited from your
deceased distant relative, "ruler of the Northern Hemisphere". This
information has no integrity (these are called scams, and I will address them in
a future post).
Availability
Availability
is the reliable and timely access to the data and resources a user is
authorized to use. It is measured by the "response time", which is the
time needed to respond to a business user request, and by the "up
time", which is the date and time during which the information is available
for a business user.
Example: Your Hotmail (yeah, Hotmail suits
everything). If you wake up at 3:00 AM feeling that you should check your
email, the Hotmail service should be there.
So, in order to speak the language of information
security, you must keep in mind that it is all about protecting the C.
I. A.