Monday, 17 February 2020

Building Blocks of Information Security



• Information security is the prevention and protection of computer assets from unauthorized
access, use, alteration, degradation, destruction, and other threats.
• Security can no longer be viewed as a backroom operation, separate from the essential
activity of an organization.
• Information assets are critical to any business and vital to the survival of any organization
in today’s globalized digital economy. Information leakage is therefore intolerable.
• Information security is required because most organizations can be damaged by hostile
software or intruders.
• The major technical areas of information security are usually represented by the initials
CIA: confidentiality, integrity, and authentication or availability.
• Maintaining access control means not only that users can access only those resources and
services to which they are entitled, but also that they are not denied resources that they
can legitimately expect to access.
• Confidentiality relates to guaranteeing that information of a particular classification
is not disseminated to persons outside the group for which it is classified.
• Integrity relates to the quality and dependability of information: management can be
assured that the information on which decisions rely has not been dishonestly altered
when the data is transferred, captured, or stored.
• The third pillar is the availability of the information. When systems or data are
unavailable, opportunities may be lost, deadlines missed, or commitments left unmet.
• We can categorize information on the basis of the purpose for which it is used.
Depending on the types of decisions management makes, information is supplied to
managers according to the needs of each decision.

Accuracy: The accuracy and completeness of information systems and the data maintained
within the systems should be a management concern.
Authenticity: It refers to the constant checks you have to run on the system to make sure
sensitive areas are protected and working properly.
Authorization: It refers to the power you have over distinguishing authorized users from
unauthorized users and levels of access in-between.
Confidentiality: It means that information cannot be accessed by unauthorized parties.
Information Security: It is the prevention and protection of computer assets from unauthorized
access, use, alteration, degradation, destruction and other threats.
Integrity: It means that information is protected against unauthorized changes that are not
detectable to authorized users; many incidents of hacking compromise the integrity of databases
and other resources.
Logical Computer Security: It involves non-physical protection, such as that provided by
authentication or encryption schemes.
Physical Computer Security: It involves tangible protection devices, such as locks, cables, fences,
safes or vaults.
