Friday, 10 January 2014

Information Security (IS)



Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data, both from those with malicious intentions and from accidental loss or corruption. Confidentiality, integrity and availability are commonly referred to as the CIA Triad of information security. An extension of this triad is the Parkerian hexad, which adds three further properties: confidentiality, possession (or control), integrity, authenticity, availability and utility.

In its most basic definition, information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. Institutions of all sizes collect and store huge volumes of confidential information. The information may be about employees, customers, research, products or financial operations. Most of this information is collected, processed and stored on computers and transmitted across networks to other computers. If this information fell into the wrong hands, it could lead to lost business, lawsuits, identity theft or even bankruptcy of the business.
Information security has evolved significantly and grown even more important in recent years. From a career perspective, there are more areas than ever in which a professional can work in the field. Some of the specialty areas within information security include network security, application and database security, security testing, information systems auditing, business continuity planning and digital forensics, among others.
IS rests on three core properties:

Confidentiality =

Confidentiality prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get it. A good example is an account number or routing number used when banking online. Data encryption is the most common technical method of ensuring confidentiality, both for data in transit and for data at rest. User IDs and passwords are the standard access control; two-factor authentication is becoming the norm, and biometric verification is an option as well. In addition, users and system designers can minimize the number of places where the information is stored, and the number of times it is actually transmitted, to complete a required transaction: data that is never copied cannot leak from that copy.
When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties. Information has value, especially in today's world: bank account statements, personal information, credit card numbers, trade secrets and government documents are all examples. Everyone has information they wish to keep secret, and protecting such information is a major part of information security.

Integrity =

Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people. Note that encryption alone does not guarantee this: a message can be confidential and still be modified by someone who cannot read it, so integrity needs its own control, such as a message authentication code or digital signature that the receiver verifies before trusting the data. In addition, some means must be in place to detect changes in data that occur as a result of non-human-caused events such as an electromagnetic pulse (EMP), a disk fault or a server crash; checksums and hashes serve this purpose. If an unexpected change is detected, a backup copy must be available to restore the affected data to its correct state.
Integrity of information refers to protecting information from being modified by unauthorized parties.
Information only has value if it is correct. Information that has been tampered with can prove costly. For example, if you were sending an online money transfer for 100 rupees, but the message was tampered with in such a way that you actually sent 10,000 rupees, the loss would be very real to you.
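The following Go program is an added example and is not part of the original post; it illustrates both the confidentiality and the integrity sections above using the post's own money-transfer scenario. It first encrypts a transfer message with AES in CTR mode (confidentiality only) and shows that an attacker who knows the plaintext layout can change the amount from 00100 to 10000 without the key and without detection, because CTR ciphertext is malleable. It then seals the same message with AES-GCM, which adds an authentication tag, and shows that the identical bit-flipping attack is rejected. The key, IV, message text and associated-data label are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Standard AES-GCM layout used by gcmSeal: nonce || ciphertext || tag.
const (
	gcmNonceSize = 12
	gcmTagSize   = 16
)

// ctrEncrypt applies AES-CTR with a 16-byte IV. CTR gives confidentiality
// only: the ciphertext is plaintext XOR keystream, so it can be altered
// bit-for-bit without the key. Decryption is the same operation.
func ctrEncrypt(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// malleate rewrites a CTR ciphertext so that it decrypts to newText instead
// of oldText. No key is needed, only the original plaintext at the changed
// positions; all three inputs must have the same length.
func malleate(ciphertext, oldText, newText []byte) ([]byte, error) {
	if len(oldText) != len(newText) || len(oldText) != len(ciphertext) {
		return nil, errors.New("lengths must match")
	}
	forged := make([]byte, len(ciphertext))
	for i := range ciphertext {
		forged[i] = ciphertext[i] ^ oldText[i] ^ newText[i]
	}
	return forged, nil
}

// gcmSeal encrypts with AES-GCM, which computes an authentication tag over
// the ciphertext and the associated data. Output is nonce || ciphertext || tag.
func gcmSeal(key, plaintext, associated []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, associated), nil
}

// gcmOpen verifies the tag before returning any plaintext. A single flipped
// bit in nonce, ciphertext, tag or associated data produces an error instead.
func gcmOpen(key, sealed, associated []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, associated)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)           // constructed demo key
	iv := bytes.Repeat([]byte{0x01}, aes.BlockSize) // constructed demo IV
	aad := []byte("payments/v1")                    // constructed associated data
	original := []byte("transfer amount=00100 INR to account 778812")
	forged := []byte("transfer amount=10000 INR to account 778812")

	// Confidentiality only: the forgery decrypts cleanly to the new amount.
	ct, _ := ctrEncrypt(key, iv, original)
	forgedCT, _ := malleate(ct, original, forged)
	pt, _ := ctrEncrypt(key, iv, forgedCT)
	fmt.Printf("CTR only, after tampering: %q\n", pt)

	// Confidentiality plus integrity: the same flips fail the tag check.
	sealed, _ := gcmSeal(key, original, aad)
	tampered := append([]byte(nil), sealed...)
	forgedBody, _ := malleate(tampered[gcmNonceSize:len(tampered)-gcmTagSize], original, forged)
	copy(tampered[gcmNonceSize:], forgedBody)
	_, err := gcmOpen(key, tampered, aad)
	fmt.Println("GCM, after the same tampering:", err)
}
```

The point to take from the run is that the CTR ciphertext is just as unreadable to the attacker as the GCM one, yet only the GCM receiver notices the change. In practice, always use an authenticated mode (AES-GCM, ChaCha20-Poly1305) or pair encryption with a MAC, and never reuse a nonce with the same key, since GCM's authentication also collapses under nonce reuse.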

Availability =

Availability of information refers to ensuring that authorized parties are able to access the information when needed.
Information only has value if the right people can access it at the right times. Denying access to information has become a very common attack. Almost every week there is news of high-profile websites being taken down by distributed denial-of-service (DDoS) attacks, whose primary aim is to deny legitimate users access to the site's resources by exhausting its bandwidth, connections or processing capacity. Such downtime can be very costly. Other causes of lost availability include accidents such as power outages, hardware failures and natural disasters such as floods.
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, providing a measure of redundancy and failover, providing adequate communications bandwidth and preventing bottlenecks, implementing emergency backup power systems, keeping current with all necessary system upgrades, and guarding against malicious actions such as denial-of-service (DoS) attacks. Tested backups and a business continuity plan cover the cases where prevention fails.
