What are the aspects of Information Security?

The major technical areas of information security are generally defined by the original CIA including confidentiality, integrity, and authentication or availability. Confidentiality defines that data cannot be created by unauthorized parties.

Maintaining access control defines not only that users can create only those resources and services to which they are named, but also that they are not denied resources that they accurately can expect to access.

Non-repudiation signify that a person who sends a message cannot deny that sent it and, conversely, that a person who has received a message cannot deny that received it. Moreover these technical elements, the conceptual reach of data security is wide and multifaceted.

While confidentiality, integrity, and authenticity are the significant concerns of an information security manager, privacy is the essential aspect of information security for web users.

  • Authenticity − Authentication defines that users are who they request to be. Availability defines that resources are available by authorized parties; “denial of service” attacks, which are the subject matter of national news, are attacks against availability.

    The concerns of information security professionals are access control and Nonrepudiation. Authorization defines the power that it can have over distinguishing authorized users from unauthorized users, and levels of access in-between. Authenticity defines the constant checks that it can have to run on the system to make sure sensitive places are protected and working perfectly.

  • Integrity − Integrity defines that information is protected against unauthorized changes that are not perceptible to authorized users; some incidents of hacking compromise the integrity of databases and multiple resources.

  • Accuracy − The accuracy and completeness of information systems and the data supported within the systems should be an administration concern. Information which has been inappropriately changed or destroyed (by external or employees) can impact the organization. Each organization should make controls to provide that data entered into and saved in its automated files and databases are complete and accurate, and provide the accuracy of disseminated data.

  • Confidentiality − The principle of confidentiality defines that only the sender and the intended recipient(s) must be able to create the content of a message. Confidentiality have compromised if an unauthorized person is able to create a message.

  • Access Control − The principle of access control decides who must be able to access what. For example, it must be able to define that user A can view the data in a database, but cannot refresh them. User A can be allowed to create updates as well. An access-control mechanism can be install to provide this.

    Access control is associated to two areas including role management and rule management. Role management apply on the user side, whereas rule management targets on the resources side.

Updated on: 03-Mar-2022

3K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started