
Chapter: Information Security

Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail

Critical Characteristics of Information


 

· Confidentiality
· Integrity
· Availability
· Privacy
· Identification
· Authentication
· Authorization
· Accountability
· Accuracy
· Utility
· Possession

 

1 Confidentiality

 

Confidentiality of information ensures that only those with sufficient privileges may access certain information. When unauthorized individuals or systems can access information, confidentiality is breached. To protect the confidentiality of information, a number of measures are used:

 

· Information classification
· Secure document storage
· Application of general security policies
· Education of information custodians and end users

Example: a credit card transaction on the Internet.

· The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored.

· Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information.

 

Integrity

 

Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being compiled, stored, or transmitted.

 

· Integrity means that data cannot be modified without authorization.

· Example: Integrity is violated when an employee deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a website, when someone is able to cast a very large number of votes in an online poll, and so on.

2 Availability

 

Availability is the characteristic of information that enables user access to information without interference or obstruction and in a required format. A user in this definition may be either a person or another computer system. Availability does not imply that the information is accessible to any user; rather, it means availability to authorized users.

 

· For any information system to serve its purpose, the information must be available when it is needed.

 

· Example: High-availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.

 

Privacy

 

The information that is collected, used, and stored by an organization is to be used only for the purposes stated to the data owner at the time it was collected. This definition of privacy does not focus on freedom from observation (the meaning usually associated with the word), but rather means that information will be used only in ways known to the person providing it.

 

Identification

 

An information system possesses the characteristic of identification when it is able to recognize individual users. Identification and authentication are essential to establishing the level of access or authorization that an individual is granted.

 

Authentication

 

Authentication occurs when a control provides proof that a user possesses the identity that he or she claims.

 

· In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications, or documents (electronic or physical) are genuine (i.e., they have not been forged or fabricated).

 

Authorization

 

After the identity of a user is authenticated, a process called authorization provides assurance that the user (whether a person or a computer) has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset.

 

Accountability

 

The characteristic of accountability exists when a control provides assurance that every activity undertaken can be attributed to a named person or automated process. For example, audit logs that track user activity on an information system provide accountability.
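The four characteristics above (identification, authentication, authorization, accountability) applied in order to one access request, as an added example that is not part of the original notes. The user, roles, asset name, and outcome labels are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one known user and a role-to-action table.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw": _hash("correct horse", _SALT), "role": "clerk"}}
PERMISSIONS = {"clerk": {"read"}, "payroll_admin": {"read", "update", "delete"}}
AUDIT_LOG = []

def _audit(user: str, action: str, asset: str, outcome: str) -> str:
    # Accountability: every attempt, granted or not, is attributed to a named user.
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "action": action, "asset": asset, "outcome": outcome,
    })
    return outcome

def access(username: str, password: str, action: str, asset: str) -> str:
    # Identification: does the system recognize this individual user?
    record = USERS.get(username)
    if record is None:
        return _audit(username, action, asset, "unknown-identity")
    # Authentication: proof that the user possesses the claimed identity.
    if not hmac.compare_digest(_hash(password, record["salt"]), record["pw"]):
        return _audit(username, action, asset, "authentication-failed")
    # Authorization: was this user explicitly allowed to access, update, or delete?
    if action not in PERMISSIONS.get(record["role"], set()):
        return _audit(username, action, asset, "not-authorized")
    return _audit(username, action, asset, "granted")

if __name__ == "__main__":
    print(access("alice", "correct horse", "read", "payroll.salary"))
    print(access("alice", "correct horse", "update", "payroll.salary"))
    for entry in AUDIT_LOG:
        print(entry)
```

An authenticated clerk who tries to update a salary record is stopped at the authorization step, and the refused attempt still appears in the audit log under her name.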

 

3 Accuracy

 

Information should have accuracy. Information has accuracy when it is free from mistakes or errors and has the value that the end user expects. If information contains a value different from the user's expectations, due to the intentional or unintentional modification of its content, it is no longer accurate.

 

Utility

 

Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful. Thus, the value of information depends on its utility.

 

Possession

 

Possession of information is the quality or state of having ownership or control of some object or item.

 



Copyright © 2018-2020 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.