Thursday, December 29, 2011

First Things First: What Is Information Security?

To start, I would like to explain what information security is and why we need it.

Information security is the act of safeguarding data from unauthorized access or modification, whether accidental or intentional. Simple as this is to say, it is definitely hard to achieve.

We all agree that dependency on information systems has increased drastically since the early 90s, and today these systems are an integrated part of our lives. I mean, who doesn't have a laptop, a smartphone, an iPad? I remember seeing my 2-year-old daughter holding "her" iPad, switching between applications and playing with the animals on display.

As our reliance on technology and information systems increases, the threat of losing personal and confidential information also increases. Understanding information security and how it is implemented and governed is the first step in the right direction.

Fundamental principles of Information Security:

As per definition: Information security is the process of protecting information.
The three fundamental principles of information security are the C. I. A: confidentiality, integrity, and availability.


Confidentiality is the concept of keeping private information away from individuals who should not have access to it. Any time there is either an intentional or unintentional release of information to unauthorized people, confidentiality is lost.

Confidentiality ensures that private information is accessed only by those who have the appropriate authorization to do so.

Example: Your Hotmail. Simple rule: no one should read your emails except yourself, and of course the people you forward these emails to!

Integrity is about data consistency. When you seek data and information from the internet, are you certain that this information is true? You should be certain that the data generated or used is not being incorrectly modified (tampered with) in any way by authorized or unauthorized people.

Integrity is preserved when information is complete, accurate, and valid. You should prevent unauthorized people (hackers, thieves) from making modifications.

Example: Your Hotmail, when you receive email messages saying that you have won the Singaporean lottery, or that you have inherited from your deceased distant relative, "ruler of the Northern Hemisphere". This information has no integrity. (These are called scams, and I will address them in a future post.)

Availability is the reliable and timely access to the data and resources a user is authorized to use. It is measured by the "response time", which is the time needed to respond to a business user request, and by the "up time", which is the date and time during which the information is available for a business user.

Example: Your Hotmail (yeah, Hotmail suits everything). If you wake up at 3:00 AM feeling that you should check your email, the Hotmail service should be there.

So, in order to speak the information security language, you must keep in mind that it is all about protecting the C. I. A.
