Good evening Readers!
Tonight's post will be on the remaining parts of the CIA principle however, i will be adding in a side note about the Confidentiality part of the equation.
On the Confidentiality part, what i didn't mention in my initial post was that it had little regard to information security. Confidentiality is not all about encryption, its about the entire process. For instance, encryption doesn't stop data tampering which can be done in a Man-In-the-Middle attack.
This is essentially when data is replaced in transit which means that the person receiving the data will recieve something different to what the first person sent.
Anyway, moving onto the I and A.
Integrity, for information security, is about maintaining the integrity of the data is a key concept and this pretty much means that you are assuring users of the data as well as those that the data is about that the data is accurate and as it was intended. So what this means is that the data isn't modified by anyone for any unauthorised reason and that the data itself remains in a secure and protected environment. For instance, if you sign up to a shopping site, you want to make sure that random hackers can't be using your data for identity theft without the site even knowing about it to let you know.
To sum up integrity, its pretty much keeping your data safe and protected as you intended it.
Availability, is pretty much what you would imagine it to be. Its making sure that the data is available for use at any given point and this is done by making sure that all equipment that deal with storing data, uploading data, downloading data is in functioning order to ensure that the data can be accessed anytime.
In terms of information security, availability is ensured by making sure that the data is protected from attacks such as Denial of Service attacks, this would be the best example for availability. This pretty much means that when something happens on to disrupt the availability of the data on a site like amazon, they can get your data(my account) back up and running as soon as possible and this is done by ensuring that there are failsafes in place like having a back up power system, offsite data storage where the data can be set up so that it can take over as soon as possible
By The Way, this is just what i understand these concepts to be in a thumbnail sketch. By no means is this the entire story and i can also be wrong. Just a warning.
For now, Thats all folks.
Beth
No comments:
Post a Comment