- Get link
- X
- Other Apps
- Get link
- X
- Other Apps
Information security guarantees the confidentiality and integrity of the information , avoiding unauthorized actions with it, in particular, its use, disclosure, distortion, alteration, investigation and destruction. The information security provisions are the same for all forms of information storage: physical, digital or any other. With the advent of computerized information systems, data security has come to the fore.
Main objectives of information security
The use of information security systems establishes specific
tasks to preserve the key characteristics of the information and provides:
• The
confidentiality of data is a state of availability of information only to
users, processes and devices authorized.
• The integrity is the absence of alterations unauthorized information added or destroyed. Ensuring integrity is especially important in cases where information is of great value and should not be lost, as well as when data may be intentionally changed to misinform the recipient. As a general rule, information is protected against erasure by methods that ensure confidentiality, backup, and the absence of distortion is verified by hashing.
• The
accessibility is the provision of timely and reliable access to information and
information services. Typical cases of an accessibility violation are a
software / hardware failure and a distributed denial of service (DDoS) attack.
The information system is protected from deficiencies by eliminating the causes
that cause it, and from DDoS attacks by cutting off spurious traffic.
• The
authenticity is the ability to uniquely identify the author / source. The
authenticity of electronic data is often verified by means such as an
electronic digital signature.
• Non-rejection
of the authorship of the information, as well as the fact that it was sent or
received. Non-rejection can be guaranteed by digital signature and other
cryptographic means and protocols. Non-rejection is relevant, for example, in
electronic tendering systems, where it guarantees the responsibility of sellers
and buyers to each other.
The main objective of information security systems is to
ensure data protection against external and internal threats.
To guarantee total confidentiality in the information
system, four methods are applied that are relevant to any information format:
1. Restriction
or complete closure of access to information
2. Encryption
3. Scattered
storage
4. Hide the
fact of the existence of information
Types of information threats
To determine the correct information security strategy , you
need to determine what intimidates data security. Threats to information
security: probable events and actions that in the long term can lead to data
leaks or loss, unauthorized access to them.
The main property of intimidation to information systems is
the origin by which the threats are divided into the following:
• Man-made
sources : Threats caused by problems with technical support, your forecast is
difficult.
• Anthropogenic
sources : the threat of human error. They can be accidental or deliberate
attacks. Unintentional threats are a random error, for example, a user
unknowingly disabled an antivirus. Man-made problems can usually be predicted
with preventive measures. Deliberate security threats lead to informational
crimes.
• The
natural sources are insurmountable circumstances that have a low probability of
prognosis, and prevention is impossible. These are various natural disasters,
fires, earthquakes, power outages due to hurricanes.
Threat classification
In addition, depending on the location of the source in
relation to the information system, threats are classified into external and
internal . This division is especially applicable to large-scale systems at the
state level.
If the external level is attacks by hackers, competing
companies or hostile states, the internal threats are caused by: read more:-
- Get link
- X
- Other Apps