“The term information security can be defined as the way of protecting information systems and the information stored in them from unauthorized access, use, modification, disclosure, or disruption.”
Information security refers to the process of ensuring and maintaining confidentiality, availability, and integrity of data. Confidentiality refers to the protection of information from unauthorized access. The information is disclosed only to those who are authorized to access it.
The Concept of Information Security
Integrity refers to the assurance that information is trustworthy, accurate and genuine. It protects the information from unauthorized modification. Availability means only authorized users should be able to access the information whenever needed.
It ensures timely access to data whenever it is needed by authorized users. Confidentiality, integrity, and availability are together termed the CIA triad of information security.
Information is a valuable asset because we are living in an information society and all activities, whether personal or professional, depend on information. So, protection of information against unauthorized access is a major part of information security.
Various security mechanisms such as encryption, authentication, authorization, and auditing are implemented to ensure the security of information. Organizations should formulate information security policies for protecting valuable and sensitive information.
These policies should include physical security measures as well as digital security measures to maintain the confidentiality, integrity, and availability of the information.
Principles of Information Security
The main principles of information security are as follows:
The property of the system which ensures that the unauthorized systems and individuals are unable to access the information is known as confidentiality. This ensures that someone who is not authorized to access the system is unable to view the information.
Confidentiality is necessary to prevent the disclosure of information to unauthorized individuals or systems. Breaches of confidentiality take many forms.
Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality.
If a laptop computer containing sensitive information about a company’s employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information.
Thus, confidentiality is a necessary property but not sufficient alone to ensure the privacy of a person whose information is stored in computer systems.
Integrity is the property of information security that prevents modification of information by an unauthorized person or system. If an employee deletes an important file accidentally or intentionally, then a violation of integrity takes place.
Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.
Integrity is one of the most important aspects of systems that deal with financial transactions, because corrupted or wrong data can have a great impact on the business. It is also necessary to identify those users who are authorized to access the system and then provide them ‘access privileges’ in order to ensure integrity.
Integrity is essential to ensure that the information resources of an organization are accurate. Thus, it is the task of the security system to prevent unauthorized changes or corruption of data stored in the database of the organization.
Information security professionals should find ways to prevent errors associated with integrity by implementing controls.
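An added example, not part of the original article: a minimal payroll store in Python showing the two integrity controls discussed above, access privileges that stop an employee from changing his own salary and a check that detects unauthorized modification of stored data. The roles, key, and records are constructed for illustration, and tagging records with HMAC-SHA256 is one assumed way to detect changes.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system would keep it in a key store.
INTEGRITY_KEY = b"constructed-demo-key"
# Hypothetical access privileges: which roles may change a salary.
PRIVILEGES = {"payroll_admin": {"update_salary"}, "employee": set()}

def seal(record):
    """Return an HMAC-SHA256 tag over a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(INTEGRITY_KEY, body, hashlib.sha256).hexdigest()

def verify(record, tag):
    return hmac.compare_digest(seal(record), tag)

class PayrollDB:
    def __init__(self):
        self.rows = {}   # employee id -> (record, integrity tag)
        self.audit = []  # (actor, action, target, allowed)

    def put(self, record):
        self.rows[record["id"]] = (record, seal(record))

    def update_salary(self, actor, role, target, salary):
        # Needs the privilege, and nobody may edit their own salary.
        allowed = "update_salary" in PRIVILEGES.get(role, set()) and actor != target
        self.audit.append((actor, "update_salary", target, allowed))
        if not allowed:
            raise PermissionError(f"{actor} may not change salary of {target}")
        self.put(dict(self.rows[target][0], salary=salary))

    def tampered(self):
        """IDs whose stored record no longer matches its integrity tag."""
        return sorted(i for i, (r, t) in self.rows.items() if not verify(r, t))

def demo():
    db = PayrollDB()
    db.put({"id": "alice", "salary": 50000})
    db.put({"id": "bob", "salary": 52000})
    db.update_salary("carol", "payroll_admin", "alice", 51000)  # authorized
    try:
        db.update_salary("bob", "employee", "bob", 99000)       # denied, audited
    except PermissionError:
        pass
    # Simulate a change that bypassed the access check (constructed scenario).
    db.rows["bob"][0]["salary"] = 99000
    return db.rows["alice"][0]["salary"], db.audit[-1], db.tampered()

if __name__ == "__main__":
    print(demo())
```

The denied request is still written to the audit list, and the record changed outside `update_salary` is reported by `tampered()` because its tag no longer verifies.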
According to the principle of availability, for any information system to serve its purpose, the information must be available when it is needed. This ensures the correct and smooth operation of the computers and networks and sees that the needed information can be accessed by the authorized users.
If the users are unable to access the system, then it becomes impossible to assess the integrity and confidentiality aspects.
To serve its purpose, the information system must be available to its users, and the computing system that processes and stores the information must function properly.