Uploaded by dowsonsikute40

Information Security info

advertisement
Information Security
Information security also referred to as InfoSec covers the tools and processes that
organizations use to protect data or information. This includes policy settings that
prevent unauthorized people from accessing business or personal information. InfoSec
is a growing and evolving field that covers a wide range of fields, from network and
infrastructure security to testing and auditing.
The Three Principles of Information Security.
Information security is broken done in three components known as the CIA triad:
Let’s look at each one below:
1. Confidentiality: This component is often associated with secrecy and the use
of encryption. Confidentiality in this context means that the data is only
available to authorized parties. When information has been kept confidential it
means that it has not been compromised by other parties; confidential data are
not disclosed to people who do not require them or who should not have access
to them. Ensuring confidentiality means that information is organized in terms
of who needs to have access, as well as the sensitivity of the data. A breach of
confidentiality may take place through different means, for instance hacking or
social engineering.
2. Integrity: Data integrity refers to the certainty that the data is not tampered
with or degraded during or after submission. It is the certainty that the data has
not been subject to unauthorized modification, either intentional or
unintentional. There are two points during the transmission process during
which the integrity could be compromised: during the upload or transmission of
data or during the storage of the document in the database or collection.
3. Availability: This means that the information is available to authorized users
when it is needed. For a system to demonstrate availability, it must have
properly functioning computing systems, security controls and communication
channels. Systems defined as critical (power generation, medical equipment,
safety systems) often have extreme requirements related to availability. These
systems must be resilient against cyber threats, and have safeguards against
power outages, hardware failures and other events that might impact the system
availability.
Download