Information Security

Information Security: The Computer Security Handbook defines security as follows: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information.

System resources include:

  • Hardware
  • Software 
  • Firmware 
  • Information/data 
  • Telecommunications

Whether you are in charge of many computers, or even one, there are immediate steps you can take to safeguard your company’s computer system and its contents. – Computer Security Handbook

The CIA triad.

Web systems are core components of any business these days, and as the number of websites increases, so does the number of hackers and attackers looking for vulnerable systems from which to steal valuable business data.

The CIA triad is a security model that helps people think about the various parts of IT security, such as:

  1. Confidentiality
  2. Integrity
  3. Availability

Confidentiality:

Confidentiality is preventing the disclosure of data or information to unauthorized people or systems. It assures that information stays secret and is not made available or disclosed to unauthorized users.

How to protect confidentiality:

  • Encryption of the data at rest and in transit
  • Access control
  • User IDs and passwords
  • Proper data classification

Integrity:

Integrity is about ensuring and protecting the data from unauthorized modifications in retrieval, in transit, or in storage.

It prevents data from being corrupted, tampered with, or altered, and maintains its consistency, accuracy, and trustworthiness over its entire life cycle.

To increase data integrity, file hashing is used to verify the integrity of a file after it has been transferred from one place to another.
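The hash check described above, as an added example that is not part of the original page: the sender records a SHA-256 digest before transfer, and the receiver recomputes it and compares. The function names, file names and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_transfer(path, expected_hex):
    """Return True only if the received file hashes to the sender's digest."""
    actual = sha256_file(path)
    # Normalise the published value (case, trailing newline) before comparing.
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo():
    """Constructed sample: transfer a file, then flip one bit in the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        sent = os.path.join(tmp, "report_sent.bin")          # hypothetical name
        received = os.path.join(tmp, "report_received.bin")  # hypothetical name
        payload = b"quarterly figures: 1200, 1350, 1410\n" * 1000  # constructed
        with open(sent, "wb") as fh:
            fh.write(payload)
        published = sha256_file(sent)  # digest recorded before the transfer

        with open(received, "wb") as fh:
            fh.write(payload)          # intact copy arrives
        intact_ok = verify_transfer(received, published)

        tampered = bytearray(payload)
        tampered[20] ^= 0x01           # one bit altered in transit or storage
        with open(received, "wb") as fh:
            fh.write(bytes(tampered))
        tampered_ok = verify_transfer(received, published)
        return intact_ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel that delivered the expected digest: if the digest travels alongside the file, anyone able to alter the file can replace the digest as well.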

Availability:

Protect your system from harm, theft, and unauthorized users.