CRITICAL CHARACTERISTICS OF INFORMATION
ü Confidentiality
Integrity
ü Availability
Privacy
Identification
Authentication
Authorization
Accountability
ü Accuracy
Utility
Possession
1 Confidentiality
Confidentiality
of information ensures that only those with sufficient privileges may access
certain information. When unauthorized individuals or systems can access
information, confidentiality is breached. To protect the confidentiality of
information, a number of measures are used:
ü Information
classification
ü Secure document
storage
ü Application
of general security policies
ü Education
of information custodians and end users Example, a credit card transaction on
the Internet.
The
system attempts to enforce confidentiality by encrypting the card number during
transmission, by limiting the places where it might appear (in data bases, log
files, backups, printed receipts, and so on), and by restricting access to the
places where it is stored.
Giving
out confidential information over the telephone is a breach of confidentiality
if the caller is not authorized to have the information, it could result in a
breach of confidentiality.
Integrity
Integrity
is the quality or state of being whole, complete, and uncorrupted. The
integrity of information is threatened when it is exposed to corruption,
damage, destruction, or other disruption of its authentic state. Corruption can
occur while information is being compiled, stored, or transmitted.
·
Integrity means that data cannot be modified
without authorization.
·
Eg: Integrity is violated when an employee deletes
important data files, when a computer virus infects a computer, when an
employee is able to modify his own salary in a payroll database, when an
unauthorized user vandalizes a website, when someone is able to cast a very
large number of votes in an online poll, and so on.
2 Availability
Availability
is the characteristic of information that enables user access to information
without interference or obstruction and in a required format. A user in this
definition may be either a person or another computer system. Availability does
not imply that the information is accessible to any user; rather, it means
availability to authorized users.
· For any
information system to serve its purpose, the information must be available when
it is needed.
· Eg: High
availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
Privacy
The
information that is collected, used, and stored by an organization is to be
used only for the purposes stated to the data owner at the time it was
collected. This definition of privacy does focus on freedom from observation
(the meaning usually associated with the word), but rather means that
information will be used only in ways known to the person providing it.
Identification
An
information system possesses the characteristic of identification when it is
able to recognize individual users. Identification and authentication are
essential to establishing the level of access or authorization that an
individual is granted.
Authentication
Authentication
occurs when a control provides proof that a user possesses the identity that he
or she claims.
ü In
computing, e-Business and information security it is necessary to ensure that
the data, transactions, communications or documents(electronic or physical) are
genuine(i.e. they have not been forged or fabricated)
Authorization
After the
identity of a user is authenticated, a process called authorization provides
assurance that the user (whether a person or a computer) has been specifically
and explicitly authorized by the proper authority to access, update, or delete
the contents of an information asset.
Accountability
The
characteristic of accountability exists when a control provides assurance that
every activity undertaken can be attributed to a named person or automated
process. For example, audit logs that track user activity on an information
system provide accountability.
3 Accuracy
Information
should have accuracy. Information has accuracy when it is free from mistakes or
errors and it has the value that the end users expects. If information contains
a value different from the user’s expectations, due to the intentional or
unintentional modification of its content, it is no longer accurate.
Utility
Information
has value when it serves a particular purpose. This means that if information
is available, but not in a format meaningful to the end user, it is not useful.
Thus, the value of information depends on its utility.
Possession
The
possession of Information security is the quality or state of having ownership
or control of some object or item.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2024 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.