Wednesday, January 23, 2008

Information Security Overview

Information security is the process of using technical and administrative measures to protect information assets, and the systems that collect, store and transmit them, from unauthorized access, use, disclosure, disruption, modification or destruction.

The principle of information security is to protect the confidentiality, integrity and availability of information from harm. These principles together are known as the CIA Triad.





The CIA triad consists of three objectives: confidentiality, integrity and availability.

Confidentiality

Confidentiality is assurance of data privacy. Only the intended and authorized recipients may read the data. Disclosure to unauthorized entities, for example through unauthorized network sniffing, is a confidentiality violation.

Countermeasure: Cryptography is the art and science of storing and transmitting confidential data.

Integrity

Integrity is assurance of data non-alteration. Data integrity is having assurance that the information has not been altered in transmission, from origin to reception.

Countermeasures: Digital Signatures and hash algorithms are mechanisms used to provide data integrity.
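The difference between the two integrity mechanisms named above, as an added example that is not part of the original post: a plain hash sent alongside the data detects alteration only if the hash itself cannot be replaced, while a keyed check cannot be recomputed without the secret. HMAC-SHA256 stands in here for a digital signature, and the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example (assumptions, not from the post).
KEY = b"constructed-shared-secret-for-demo"
MESSAGE = b"transfer 100 to account 12345"


def send_with_hash(message: bytes) -> tuple[bytes, str]:
    """Sender attaches an unkeyed SHA-256 digest to the message."""
    return message, hashlib.sha256(message).hexdigest()


def verify_hash(message: bytes, digest: str) -> bool:
    """Receiver recomputes the digest and compares it to the one received."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def send_with_mac(message: bytes, key: bytes) -> tuple[bytes, str]:
    """Sender attaches an HMAC-SHA256 tag computed with a secret key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(message: bytes, tag: str, key: bytes) -> bool:
    """Receiver recomputes the tag with the shared key, constant-time compare."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def alter_in_transit(message: bytes) -> bytes:
    """Models modification between origin and reception."""
    return message.replace(b"100", b"900")


def demo() -> dict[str, bool]:
    msg, digest = send_with_hash(MESSAGE)
    _, tag = send_with_mac(MESSAGE, KEY)
    tampered = alter_in_transit(msg)
    replaced_digest = hashlib.sha256(tampered).hexdigest()
    return {
        # A change to the data alone is caught by either check.
        "hash_detects_data_change": not verify_hash(tampered, digest),
        "mac_detects_data_change": not verify_mac(tampered, tag, KEY),
        # If the digest travels with the data, it can be replaced to match.
        "replaced_hash_still_verifies": verify_hash(tampered, replaced_digest),
        # An unkeyed digest offered as a tag is rejected by the keyed check.
        "mac_rejects_unkeyed_digest": not verify_mac(tampered, replaced_digest, KEY),
        "mac_accepts_original": verify_mac(MESSAGE, tag, KEY),
    }
```

An unkeyed hash therefore provides integrity only when the digest reaches the recipient over a channel the data's modifier cannot touch; a signature or MAC removes that requirement.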

Availability

Availability is assurance of timely and reliable access to data services for authorized users. It ensures that information or resources are available when required.

Countermeasures: High availability protocols, fully redundant network architectures and system hardware without any single points of failure ensure system reliability and robustness.

SecurityOrb.com has an article on the "Information Security Overview" description.

1 comment:

Unknown said...

Mr. Charles,

Could you be so kind as to direct me to the original source for the CIA triad graphic that you included in your blog post of 2008.01.23 (http://kellepcharles.blogspot.com/2008_01_01_archive.html)?

Greg Scheidel
scheidelg@saic.com