Describe the principles of information security
Principles:
confidentiality: ensuring only authorised users have access to information
integrity: preventing information being updated by unauthorised personnel, thus ensuring the information is trustworthy and accurate
availability: ensuring the information is always available to authorised personnel (for example, by keeping backups of data)
accountability: the ability to prove or disprove that something was, or has been, carried out and by whom (for example, by auditing data)
Information security is like the foundation of a strong and safe building. To ensure the building stays upright and secure, there are several principles you have to follow. In the case of information security, these principles are Confidentiality, Integrity, Availability, and Accountability, often abbreviated as CIAA. Let's dig into each:
Confidentiality
What it Means: Making sure that only the people who are supposed to see information can actually see it.
Example: Imagine a locker room where each person has a key to their own locker. Only you, with your key (or password, in the case of digital data), can access what's inside.
Integrity
What it Means: Making sure that the information is correct and not tampered with.
Example: Think of a sealed juice box. You want to make sure that no one has poked a hole in it or tampered with it in any way before you drink it. In the same way, integrity ensures that your data is trustworthy and hasn't been altered by unauthorized users.
Availability
What it Means: Ensuring that when you need to get to the information, you can.
Example: Imagine you need to get into your locker to grab your gym clothes. If for some reason the lock is jammed or the key is missing, you can't get what you need. In the digital world, this could mean making sure there are backups and that systems are up and running so you can access your data when you need it.
Accountability
What it Means: Being able to trace actions back to the person who did them.
Example: Picture a sign-in sheet at the entrance of a secure lab. Everyone who enters has to sign their name and list the time they entered and left. If something goes wrong, you can go back and see who was in the lab at that time. In digital terms, this often involves keeping logs and maybe even using video monitoring.
These principles form the backbone of information security measures. They help ensure that the "building" of an organization's data stays safe, that the "juice box" of their data stays sealed until someone who is authorized wants to "drink" (or use) it, and that we know who was in the "lab" (or system) at all times.
By following these principles, an organization can create a strong foundation of security measures that protect against unauthorized access, data tampering, service disruptions, and untraceable actions.