In order for a company or an individual to use a computing device with confidence, they must first be assured that the device is not compromised in any way and that all communications will be secure. This chapter reviews the fundamental concepts of information systems security and discusses some of the measures that can be taken to mitigate security threats. The chapter begins with an overview focusing on how organizations can stay secure. Several different measures that a company can take to improve security will be discussed. Finally, you will review a list of security precautions that individuals can take in order to secure their personal computing environment.

The Information Security Triad: Confidentiality, Integrity, Availability (CIA)

Figure: The security triad

Confidentiality

Protecting information means you want to be able to restrict access to those who are allowed to see it. This is sometimes referred to as NTK, Need to Know. Everyone else should be disallowed from learning anything about its contents. For example, federal law requires that universities restrict access to private student information. Access to grade records should be limited to those who have authorized access.

Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized makes a change to intentionally misrepresent something. An example of this would be when a hacker is hired to go into the university’s system and change a student’s grade. Integrity can also be lost unintentionally, such as when a computer power surge corrupts a file or someone authorized to make a change accidentally deletes a file or enters incorrect information.

Information availability is the third part of the CIA triad. Availability means information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things. For example, a stock trader needs information to be available immediately, while a salesperson may be happy to get sales numbers for the day in a report the next morning. Online retailers require their servers to be available twenty-four hours a day, seven days a week. Other companies may not suffer if their web servers are down for a few minutes once in a while.

In order to ensure the confidentiality, integrity, and availability of information, organizations can choose from a variety of tools.