Fundamentals Of Information Systems Security

What do you think are the fundamentals of information systems security? Well, information security consists of 3 basic components.

These components are very important. So, what are these components? Well, continue reading for more.

Kinds of Information

The following are the 4 kinds of information:

  • Public information. This refers to information open to the public. Also, it doesn’t need any special handling.
  • Internal information. This is the data shared within the organization. No one is allowed to expose this data outside the organization. Because of this, some organizations apply a level of access control.
  • Confidential information. This kind covers a client’s general information. So, organizations will have access control in place. Thus, only a specific audience can access this information.
  • Special Confidential information. This kind needs a higher degree of sensitivity, especially around who should access the information. This includes how they will access the information.

The Fundamentals Of Information Security

There are 3 fundamental principles of information security. We call them the CIA Triad. Now, let’s discuss each of them.

Confidentiality

This principle is all about privacy, because this component hides information. But if you have the authorization, then you can access the data.

For instance, you may choose to keep your medical history private. But your doctors can access your data.

What else can you do? Well, you can also utilize some methods of encryption. This keeps your data confidential.

But even so, it’s still possible to breach confidentiality. How so?

For example, a doctor may call you by your full name in the reception area. But your full name is considered confidential. Thus, this can be a breach of confidentiality.

So each employee should be aware of their duties, especially in keeping the confidentiality of the data they have access to.

Integrity

Integrity points to the accuracy and reliability of the data. This assures that the data stays as it is, without unauthorized or mistaken changes.

But how does compromising of data integrity happen? There are 2 ways.

First, hackers often make unauthorized changes to data. For example, on an eCommerce website, the hacker tries to change the shipping postal code. This results in compromising the integrity of banking records.

Second, it’s not always malicious attacks. Authorized users may also make a mistake. For instance, a user may update the wrong registry by mistake.

As a result, the accuracy and reliability of the data have been corrupted, and thus integrity is compromised.

Availability

This means that the data is accessible. So people with the right authorization can access the data, especially when they need it.

Yet, you have to consider factors that may interrupt access to data, with or without bad intentions.

For example:

  • Hackers may “take down” a website with a DDoS attack.
  • Technical outages. These can affect the availability of information systems.
  • Power outages and natural disasters.

Conclusion

Information security includes technologies and human activity. It gives strategies to manage processes, tools, and policies.

This helps to prevent, detect, document, and counter the threats. Besides, the CIA Triad evaluates threats and risks to the security of data.

It guides policies for information security within an organization. It’s an expansive topic. Yet, it protects the confidentiality, integrity, and availability of information.
