Information security

What does it actually mean to be ‘secure’? Most people would think that security means protecting against unauthorised access but there’s actually a lot more to it.

Often when we talk about security we will start with the CIA triad. This doesn’t refer to the well-known intelligence service; it’s an abbreviation of the following three main features of information security:

  • Confidentiality ensures that information is not disclosed to unauthorised persons and processes
  • Integrity provides several guarantees:
    • Preventing the modification of information by unauthorised users
    • Preventing the unauthorised or unintentional modification of information by authorised users
    • Preserving internal and external consistency
      • Internal – logical connection within the data in the system
      • External – logical connection between the objects in the real world and their representations in the system
  • Availability guarantees that authorised users have uninterrupted access to the system/information

Other evaluation factors

In addition, there are many other factors that we need to consider when evaluating the security of a system. Some of these are:

  • Authenticity – confirmation of the origin and identity of an information source
  • Identification – confirming the identity of a user
  • Authentication – confirmation of the evidence of a user’s identity
  • Accountability – assigning responsibility for a user’s actions
  • Non-repudiation – a user cannot deny that they have sent a particular message or performed a particular action
  • Privacy – protection of individually identifiable information
  • Organisational security policy – a high-level statement of the structure, processes and mechanisms covering information security

This article is from the free online course:

Ethical Hacking: An Introduction

Coventry University