Page 38 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
4. ....................... is a key to the success of all operations.
5. An information ....................... often indicates that security measures were not properly implemented.
3.2 Basic Principles of Information Security
The major technical areas of information security are usually represented by the initials CIA:
confidentiality, integrity, and authentication or availability. Confidentiality means that
information cannot be accessed by unauthorized parties.
Maintaining access control means not only that users can access only those resources and services
to which they are entitled, but also that they are not denied resources that they legitimately can
expect to access. Non-repudiation implies that a person who sends a message cannot deny that
he sent it and, conversely, that a person who has received a message cannot deny that he
received it. In addition to these technical aspects, the conceptual reach of information security is
broad and multifaceted.
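The two-sided access-control requirement above (no access for the unentitled, no denial for the entitled) can be checked mechanically. The following is an added illustration, not code from the textbook; the policy, user names and resources are constructed sample data.

```python
# Added example (not from the textbook): audit an access-control policy
# for both failure modes: unauthorized access granted, entitled access denied.
from dataclasses import dataclass, field


@dataclass
class Policy:
    # user -> set of resources the policy lets that user reach
    grants: dict = field(default_factory=dict)

    def is_allowed(self, user: str, resource: str) -> bool:
        # Deny by default: an unknown user or an unlisted resource gets nothing.
        return resource in self.grants.get(user, set())


def audit(policy: Policy, entitlements: dict):
    """Compare a policy against what each user is legitimately entitled to.

    Returns (over_grants, under_grants):
      over_grants  - (user, resource) pairs the policy allows although the
                     user is not entitled (a confidentiality risk).
      under_grants - pairs the user is entitled to but the policy denies
                     (an availability failure: a legitimate user locked out).
    """
    over, under = [], []
    users = set(policy.grants) | set(entitlements)
    resources = set()
    for granted in policy.grants.values():
        resources |= set(granted)
    for entitled_to in entitlements.values():
        resources |= set(entitled_to)
    for user in sorted(users):
        for resource in sorted(resources):
            allowed = policy.is_allowed(user, resource)
            entitled = resource in entitlements.get(user, set())
            if allowed and not entitled:
                over.append((user, resource))
            elif entitled and not allowed:
                under.append((user, resource))
    return over, under


# Constructed sample data: bob is over-granted, carol is locked out.
POLICY = Policy({"alice": {"payroll", "wiki"}, "bob": {"wiki", "payroll"}, "carol": set()})
ENTITLEMENTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}, "carol": {"wiki"}}

if __name__ == "__main__":
    over, under = audit(POLICY, ENTITLEMENTS)
    print("unauthorized access granted:", over)   # [('bob', 'payroll')]
    print("entitled access denied:", under)       # [('carol', 'wiki')]
```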
While confidentiality, integrity, and authenticity are the most important concerns of an
information security manager, privacy is perhaps the most important aspect of information
security for everyday Internet users. Although users may feel that they have nothing to
hide when they are registering with an Internet site or service, privacy on the Internet is
about protecting one’s personal information, even if the information does not seem
sensitive.
3.2.1 Secrecy
Information security, in many ways, is about secrecy: not in the sense of being mysterious or
clandestine, but because you are always dealing with authorization and authenticity.
Information security touches on, and draws from, disciplines such as ethics and risk analysis.
Example: It is concerned with topics such as computer crime; the prevention, detection,
and remediation of attacks; and identity and anonymity in cyberspace.
3.2.2 Authenticity
Authentication means that users are who they claim to be. Availability means that resources are
accessible by authorized parties; “denial of service” attacks, which are sometimes the topic of
national news, are attacks against availability. Other important concerns of information security
professionals are access control and non-repudiation.
Authorization refers to the power you have to distinguish authorized users
from unauthorized users, and the levels of access in between. Authenticity refers to the constant
checks you have to run on the system to make sure sensitive areas are protected and working
properly.
3.2.3 Confidentiality
Confidentiality is also known as secrecy or privacy; breaches of confidentiality range from the
embarrassing to the disastrous. Confidentiality is discussed in detail in the next section.
32 LOVELY PROFESSIONAL UNIVERSITY