Page 22 - DCAP516_COMPUTER_SECURITY
2.4 Core Concepts of Information Security
2.4.1 Confidentiality
Confidentiality is the property of preventing the disclosure of information to unauthorized
individuals or systems. For example, a credit card transaction on the Internet requires the credit
card number to be transmitted from the buyer to the merchant and from the merchant to a
transaction processing network. The system attempts to enforce confidentiality by encrypting
the card number during transmission, by limiting the places where it might appear (in databases,
log files, backups, printed receipts, and so on), and by restricting access to the places where it is
stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality
has occurred.
Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at
your computer screen while you have confidential data displayed on it could be a breach of
confidentiality. If a laptop computer containing sensitive information about a company’s
employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential
information over the telephone is a breach of confidentiality if the caller is not authorized to
have the information.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose
personal information a system holds.
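The paragraph above lists log files among the places a card number should not appear. The following added example (not from the original text) shows one way to enforce that part of a confidentiality policy: scanning log lines for digit runs that pass the Luhn check and masking all but the last four digits before the line is written. The log lines, regular expression and function names are constructed for the illustration.

```python
import re

# Constructed sample log lines; the card numbers are published test numbers, not real accounts.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z INFO payment ok card=4111111111111111 amount=19.99",
    "2024-01-01T10:00:01Z INFO refund for 5500 0000 0000 0004 issued",
    "2024-01-01T10:00:02Z INFO order 12345678 shipped",
]

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right, sums, checks mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(match: re.Match) -> str:
    """Replace a Luhn-valid digit run with asterisks, keeping the last four digits."""
    raw = match.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_ok(digits):
        return raw  # order ids and other numbers are left untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_line(line: str) -> str:
    """Apply PAN masking to one log line before it reaches storage."""
    return PAN_RE.sub(mask_pan, line)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

The Luhn check keeps the filter from masking ordinary numbers such as order identifiers, while the last four digits remain so that support staff can still correlate a log entry with a transaction.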
2.4.2 Integrity
In information security, integrity means that data cannot be modified undetectably. This is not
the same thing as referential integrity in databases, although it can be viewed as a special case of
consistency as understood in the classic ACID model of transaction processing. Integrity is
violated when a message is actively modified in transit. Information security systems typically
provide message integrity in addition to data confidentiality.
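The definition above says integrity means data cannot be modified without detection. The following added example (not from the original text) shows how a keyed message authentication code gives a receiver that detection for a message in transit: a tag computed with a shared key verifies only for the exact message it was computed over. It also shows why an unkeyed checksum is not enough, since anyone who changes the message can recompute the checksum to match. The message, key and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message, using a key shared by sender and receiver."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time, so timing does not leak how many bytes matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def unkeyed_checksum_passes(original: bytes, tampered: bytes) -> bool:
    """Model an integrity check that stores only SHA-256(message) next to the message.
    Whoever modifies the message can also store a fresh digest, so the check still passes."""
    stored = hashlib.sha256(original).digest()
    stored = hashlib.sha256(tampered).digest()  # digest re-derived alongside the modification
    return hashlib.sha256(tampered).digest() == stored


def demo() -> dict:
    """Exercise the keyed check with a genuine, a modified and a wrong-key message."""
    key = secrets.token_bytes(32)  # constructed shared secret
    message = b"transfer 100.00 to account 12345"  # constructed sample message
    tag = make_tag(key, message)
    tampered = b"transfer 900.00 to account 12345"
    return {
        "genuine": verify(key, message, tag),
        "tampered": verify(key, tampered, tag),
        "wrong_key": verify(secrets.token_bytes(32), message, tag),
        "unkeyed_hash_detects_change": not unkeyed_checksum_passes(message, tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The keyed tag is what makes modification detectable: without the key, a party changing the message cannot produce a matching tag, which is exactly the property the unkeyed digest lacks.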
2.4.3 Availability
For any information system to serve its purpose, the information must be available when it is
needed. This means that the computing systems used to store and process the information, the
security controls used to protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at all times, preventing
service disruptions due to power outages, hardware failures, and system upgrades. Ensuring
availability also involves preventing denial-of-service attacks.
Task: What do you mean by “confidentiality”? Explain using a real-life example.
There are various types of security policies relating to information security. These are
discussed below:
Military security policy (also called a governmental security policy) is a security policy
developed primarily to provide confidentiality.
Commercial security policy is a security policy developed primarily to provide integrity.
Confidentiality policy is a security policy dealing only with confidentiality.
Integrity policy is a security policy dealing only with integrity.
16 LOVELY PROFESSIONAL UNIVERSITY