What is information security 2019? In this article, we will discuss more information in this title. Read this article so you can have knowledge of this study.
What is Information Security 2019?
Information security 2019 is a set of technologies designed. Also, it is to protect the confidentiality, integrity, and authenticity of the information.
Information security 2019 is a combination of hardware, software, people, policies, and procedures. Also, it is to protect information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction.
What are the Goals?
The goals of information security 2019 are:
- 1. Confidentiality: keeps information from unauthorized access
- 2. Integrity: ensures information is not inappropriately changed, damaged, or destroyed
- 3. Availability: ensures authorized users can access information when needed
- 4. Veracity: keeps information from being in an unauthorized manner, such as by a virus or worm
Data Classification
Data can be according to their confidentiality needs. The classification method is one-dimensional and yields a fairly effective but simple classification scheme.
Information security 2019 can be into public, private, confidential, secret, very secret, and top secret.
Public data is available to anyone. Private data is available to an authorized set of people. Confidential data is available to some selected people.
Secret data is available only to those who are to see it. Very secret data is available only to those who are directly involved. Top secret data is available only to the very few who are directly in the subject.
Controlling Access
There are two basic ways to control access: hardware and software. Hardware includes locks on doors, passwords, and ID cards; software includes firewalls and encryption systems.
Hardware is usually more reliable but software can be more flexible. Also, hardware devices are not foolproof.
Passwords are vulnerable to password-cracking programs. ID cards can be stolen. Hardware is expensive, especially in large organizations.
Software solutions are less expensive, more flexible, and easier to change in response to technological advances.
There are two types of access control mechanisms:
- Mandatory Access Control (MAC): access is on a user’s “security clearance.” Users gain and lose clearances based on their job requirements and need-to-know requirements.
- Control Access: the system enforces access restrictions based on a user’s identity and the sensitivity of the information to which the user must have access.
Requests for access to information are based on a user’s identity and need-to-know requirements.
The security policy defines the rules for granting or denying access. Also, it is to individuals based on their identity and authorization.
The need-to-know rule is by establishing a link between the individual requesting information and the specific information that is needed.
The system enforces the rules. Those who satisfy the rules, those who do not satisfy the rules are denied access.
What are Security Threats?
A threat is a potential danger to an individual, a software system, a computer system, a network, a company, a government agency, or some other organization.
Internal threats are by people or other entities inside the organization; external threats are by people or entities outside the organization.
Direct attacks are out directly against the target. A direct attack might be a virus that infects a computer, which could cause data to be corrupted or destroyed.
Conclusion
Information security 2019 can be into public, private, confidential, secret, very secret, and top secret. Also, the security policy defines the rules for granting or denying access.
The need-to-know rule is by establishing a link between the individual requesting information and the specific information.
