What are information security fundamentals? And how can it help businesses protect their private data?
Read on to learn more.
What is information security?
InfoSec stands for information security. It refers to the process of protecting information from all types of threats and risks.
You may have heard of cybersecurity before. Cybersecurity is a part of InfoSec that solely focuses on protecting information from attacks in the cyberworld.
On the other hand, information security is the superset of cybersecurity. And it includes securing information even from physical risks.
What are the information security fundamentals or principles?
The fundamentals or principles of information security involves three goals:
- Confidentiality
- Integrity
- Availability
The CIA triad is a guide for companies to maintain security. But, what do these fundamentals mean?
CIA triad in the Information Security
Confidentiality
Confidentiality is really about privacy. This helps companies keep their information hidden from those who are not allowed to see it.
It also means that they can choose people who are authorized to access it. For example, hospitals don’t allow anyone to see files from their patients.
Your medical history is also something that you want to keep private. As a patient, you also want to keep it to few people, like your attending doctor.
Typically, confidentiality uses encryption or strict access control. But, confidentiality can still be breached even with encryption. How so?
Let’s say the doctor calls you by your full name in the reception area. So, other people can hear it. And because your full name is considered confidential, that is already a breach of confidentiality.
That’s why each employee must be aware of what they should do to maintain confidentiality.
Integrity
Integrity means keeping something complete and accurate. In information security, it refers to the reliability of your information.
One thing that hackers do is to change data in your system and that is a breach of integrity. For example, hacking happens on your online website and then the hacker modifies the shipping fee code.
Another example is that banks should not alter the balances of their clients because it means that information is not accurate anymore. More often it happens very accidentally.
For companies, this is very critical. Clients want to feel relieved and assured that their information will always be correct, so they can trust your company and in doing business with you.
Availability
Availability means 24/7 access to information by those allowed to do so. For example, if clients want to see their account balances in a bank, they would see it whenever they want to.
But what is an example of an interruption or compromise of availability? One cause of the interruption is that there would be a denial of service attack. This happens when a hacker takes down a website.
So, authorized users can’t access information anymore. Other concerns can include power outages and national disasters like fires.
Wrapping Up
Information security combines technologies and human processes. As a result, we can manage the security of information.
The CIA triad or fundamentals of information security is a model to guide companies. Really, information security is a broad topic.
But ensuring confidentiality, integrity, and accessibility is very important. So, any security system can handle any type of threat and risk.
