What are the fundamentals of information security? Information security, or infosec, consists of three basic components, or fundamentals, which together are known as the CIA triad. For organizations and companies, information security is vital.
Classifications of Information
Information falls into the following classifications:
- Public. This information is openly available to the public and doesn’t require any special handling.
- Internal. This is data shared within the organization. No one is allowed to disclose it outside the organization, and some organizations may apply a level of access control to it.
- Confidential. This category includes a client’s general information. Organizations have access control in place so that only a specific audience has access to it.
- Special Confidential. This information calls for a higher degree of sensitivity around who should access it, as well as how they will access it.
What Are The Fundamentals Of Information Security?
As mentioned earlier, there are three fundamental principles of information security. Let’s discuss each of them.
Confidentiality
Confidentiality is all about privacy. This principle hides information and makes it accessible only to people who have authorization. For instance, your medical history is something you want to keep private, and only a few people, such as doctors, should have access to it.
To keep information confidential, you may need to use some method of encryption as well as strict access control. Even so, it’s still possible to breach confidentiality easily.
For example, a doctor may call you by your full name in the reception area. But your full name is considered confidential, so that can be a breach of confidentiality.
So each employee should be aware of their responsibilities in maintaining the confidentiality of the information they have access to.
Integrity
This principle refers to the accuracy and reliability of data. Making unauthorized modifications or changes to data stored in a system is what hackers do.
For example, on an eCommerce website, a hacker modifies the shipping postal code, thus compromising the integrity of banking records.
But corrupted data integrity is not limited to malicious attacks. Users of an information system also make mistakes. For instance, a database administrator may mistakenly update the wrong registry. As a result, the accuracy and reliability of the information are corrupted, and integrity is compromised.
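One way to detect both kinds of change described above, malicious or accidental, is to store a keyed hash with each record and recheck it on read. The following Python code is an added example, not part of the original article; the key, the order fields and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system would load it from a secrets store.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialize with sorted keys so the same data always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes = DEMO_KEY) -> str:
    """Return an HMAC-SHA256 tag computed when the record is legitimately written."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes = DEMO_KEY) -> bool:
    """Recompute the tag and compare in constant time; False means the data changed."""
    return hmac.compare_digest(seal(record, key), tag)


def changed_fields(trusted: dict, current: dict) -> list:
    """Given a trusted copy (for example a backup), list the fields that differ."""
    keys = set(trusted) | set(current)
    return sorted(k for k in keys if trusted.get(k) != current.get(k))


# Constructed sample order, sealed at the moment it was legitimately written.
ORDER = {"order_id": 1001, "customer": "A. Example", "postal_code": "10001"}
ORDER_TAG = seal(ORDER)

# Case 1: the shipping postal code is altered without authorization.
TAMPERED = dict(ORDER, postal_code="94105")
# Case 2: an administrator's mistaken update touches this order by accident.
MISTAKEN = dict(ORDER, customer="B. Sample")

if __name__ == "__main__":
    for label, rec in [("unchanged", ORDER), ("tampered", TAMPERED), ("mistaken", MISTAKEN)]:
        print(label, "intact" if verify(rec, ORDER_TAG) else "MODIFIED",
              changed_fields(ORDER, rec))
```

The tag only shows that a record changed; identifying which field changed still requires a trusted copy to compare against.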
Availability
This simply refers to the accessibility of information, so that people with the right authorization can access the information when they need it.
However, hackers may interrupt an authorized user’s access to information. One cause of interruption is when a hacker “takes down” a website with a DDoS attack.
But, as with the other two fundamentals, interruptions in availability can also happen without any bad intentions. For example, cloud-based services may experience technical outages, which can affect the availability of information systems. Other concerns include power outages and natural disasters.
Conclusion
Information security is a combination of technologies and human activity. It provides strategies for managing the processes, tools, and policies needed not only to prevent and detect threats but also to document and counter them.
The CIA triad also helps to assess threats and risks to the security of data. The model was designed to guide policies for information security within an organization.
Information security is an expansive topic. However, it ensures the protection of the confidentiality, integrity, and accessibility of information.