When developing an information system that will hold private and vital information, it is necessary to think about protecting that data. The security of information is concerned with the following areas: confidentiality, data integrity, availability, authenticity, non-repudiation and risk management. All these security aspects may be affected by purely technical issues (e.g., a malfunctioning part of a computer or communications device), natural phenomena (e.g., wind or water), or human causes (accidental or deliberate). This report will give a definition of these security issues with examples to illustrate them.
Confidentiality is about stopping all unauthorised users from getting access to data. The use of a unique identifier such as: ...view middle of the document...
Availability makes sure that users always get access to the information when they need it. This means that the whole system must be functioning correctly all the time.
An example is the university computer system, where we need identification before accessing it. When we do access it, we would like to see the materials we have saved in the same language and ready to use.
Since modified information is no longer accurate, the system should be able to preserve it in its original form. An inaccurate bank account, whether the inaccuracy comes from the account holder or the bank teller, can bring unwanted consequences.
This is about making sure that the movement of information within the system is secure, and that the information is in the same state in which it was created, placed, stored or sent. This is not always the case with e-mails, where message delivery can be subverted by e-mail spoofing. In a system with authenticity, if Bob sends a message to Alice, Alice should receive it. The system should not allow anyone else to intercept Alice's message.
This gives responsibility to all parties, the sender and the receiver. Neither of them can deny having received or sent the message. That is controlled by digital signatures and encryption. The message is sent through secure channels where a shared key is sent to both participants.
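The bank-account integrity point and the shared-key remark above, as an added example that is not part of the original report: a record is sealed with HMAC-SHA256 under a shared key, a later modification is detected, and the last check shows that either key holder can produce a valid tag, so a shared-key tag alone does not settle who wrote a record (the digital signatures named above address that). The key, record fields and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: key and record are illustrative, not from the report.
SHARED_KEY = b"constructed-demo-key-known-to-bank-and-holder"
RECORD = {"account": "DEMO-0001", "holder": "Alice", "balance": "1500.00"}


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes) -> str:
    """Return an HMAC-SHA256 tag binding the record contents to the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes) -> bool:
    """True only if the record matches what was sealed (constant-time compare)."""
    return hmac.compare_digest(seal(record, key), tag)


def demo() -> dict:
    tag = seal(RECORD, SHARED_KEY)
    # Modification by the account holder or the bank teller after sealing.
    tampered = dict(RECORD, balance="9500.00")
    return {
        "original_ok": verify(RECORD, tag, SHARED_KEY),
        "tampered_ok": verify(tampered, tag, SHARED_KEY),
        "wrong_key_ok": verify(RECORD, tag, b"some-other-key"),
        # Either key holder can compute a valid tag for any record, so the
        # tag alone cannot show which of the two parties produced it.
        "other_party_tag_ok": verify(tampered, seal(tampered, SHARED_KEY), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```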
In an information system, it is important to keep data secure. The security of data depends on the protection of the network and its resources. The notes in this document describe the security aspects of an information system that should be observed at all times.