Extract from our course....
Basic Security Concepts
The most important security concepts related to information on the internet are confidentiality, integrity and availability, whereas the most important concepts related to the people using the information on the internet are authorisation, authentication and non-repudiation.
A key issue when displaying information on the internet or on any other information system is making sure that only authorised people are able to view that information. Confidentiality is a very important attribute of information security; when unauthorised people obtain access to information, the result is a loss of confidentiality. In some countries, there is a need to protect the privacy of individuals and prevent unlawful access to their information. This includes but is not limited to: information stored in banks, hospitals and medical records, medical laboratories and medical research data, the tax office, and many others.
When private information is circulating on an insecure network, it may be subject to many forms of misuse, including theft and corruption. Data corruption occurs when information is modified by a third party, resulting in a loss of integrity for that data. It is important to note that information can be modified by people with or without malicious intent; for this reason, it is important to keep confidential information secure at all times, to avoid any accidental tampering (such as human error) or intentional tampering.
Needless to say, it is always important to maintain data integrity during any type of communication, but in critical cases such as EFT (electronic funds transfer), army and security agency communications, and air traffic control, maintaining data integrity becomes an absolute necessity.
This means extreme care should be taken to prevent data from being deleted, modified, or made inaccessible, since this results in a loss of data availability: people will not be able to access the information when required.
To secure data availability on the network, it is important to reduce network outages as much as possible, because the availability of the network itself is extremely important. If the network is down, network users will not be able to access the network and any resources available on that network.
Most organisations nowadays apply some form of security to restrict unlawful access to data stored on their networks. This is mainly achieved by using authentication and authorisation, which are explained below:
- Authentication on a network provides proof that a network user is indeed the person they claim to be, by asking the user to provide a password (something they know), a smartcard (something they have), or a biometric identity print (such as a fingerprint).
- Authorisation on a network provides proof that a certain network user has the right to read a file, run a program, delete a folder, or perform other network activities.
It is important to understand that authentication and authorisation work together, because a user needs to be authenticated first before they can be authorised to perform network activities.