Information Security: The Computer Security Handbook defines security as follows: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information.
System resources include:
Whether you are in charge of many computers, or even one, there are immediate steps you can take to safeguard your company’s computer system and its contents. – Computer Security Handbook
The CIA triad.
Web systems are core components of any business these days, and as the number of websites increases, so does the number of hackers and attackers looking for vulnerable systems in order to steal valuable business data.
The CIA triad is a security model to help people think about various parts of IT security such as
Confidentiality is preventing the disclosure of data or information to unauthorized people or systems. It assures that information stays secret and is not made available or disclosed to unauthorized users.
How to protect confidentiality:
- Encryption of the data at rest and in transit
- Access control
- User IDs and passwords
- Proper data classification
Integrity is about ensuring and protecting the data from unauthorized modifications in retrieval, in transit, or in storage.
It prevents data from being corrupted, tampered with, or altered, while maintaining its consistency, accuracy, and trustworthiness over its entire life cycle.
To increase data integrity, file hashing is used to verify the integrity of a file after it has been transferred from one place to another.
Availability ensures that the data is accessible not only when but also where it’s needed.
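The file-hash check described above, as an added example that is not part of the original page: the sender records a SHA-256 digest, the receiver recomputes it, and a one-byte change is detected. It goes one step beyond the text by also using a keyed digest (HMAC), because a plain hash that travels with the file can simply be recomputed by whoever altered it. The file name, contents and shared key are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # read in blocks so large files are never held in memory


def file_digest(path, key=None):
    """Hex SHA-256 of the file, or HMAC-SHA-256 when a key is supplied."""
    if key is not None:
        h = hmac.new(key, digestmod=hashlib.sha256)
    else:
        h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_file(path, expected_hex, key=None):
    """True only if the file still matches the digest recorded by the sender."""
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(file_digest(path, key), expected_hex.lower())


def demo():
    """Constructed scenario: record digests, alter one byte, verify again."""
    key = b"constructed-shared-secret"  # assumption: agreed out of band
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "report.csv")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"account,balance\n1001,250.00\n")
        plain = file_digest(path)        # published by the sender
        tagged = file_digest(path, key)  # keyed variant of the same check
        intact = verify_file(path, plain) and verify_file(path, tagged, key)

        with open(path, "r+b") as f:     # simulate modification in transit
            f.seek(21)
            f.write(b"9")                # 250.00 becomes 950.00
        return {
            "intact": intact,
            "plain_after_change": verify_file(path, plain),
            "hmac_after_change": verify_file(path, tagged, key),
            # A digest recomputed from the altered file matches it again, so the
            # expected value must arrive over a trusted channel or be keyed.
            "recomputed_plain": verify_file(path, file_digest(path)),
        }
```

The expected digest is only useful if it reaches the receiver separately from the file (or is keyed or signed); otherwise it protects against accidental corruption only.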