Friday, September 21, 2018

Information Security


Information security ("IS", "InfoSec", "data security") is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Its primary concern is the confidentiality, integrity, and availability of your data. (This is often referred to as the "CIA.")

It also means ensuring that information is not compromised in any way when critical issues arise. These issues include, but are not limited to, natural disasters, computer/server malfunction and physical theft.

Helpful terms


Authentication - The process that affirms an entity’s credentials, thus proving an identity.

CIA - The CIA triad (or C/I/A). These three security aspects have long been held as the fundamental principles of Information Security:
Confidentiality: describes the need for information to be accessible only to those that are authorised to view it.
Integrity: describes the need for information to be protected from modification by those that are not authorised to change it.
Availability: describes the need for information to be available to those that require it, when they require it.

Cryptography - Cryptography, or cryptology, is the practice and study of techniques for secure communication. It involves creating written or generated codes that allow information to be kept secret.

Digital Certificate - An electronic identifier that establishes your credentials when doing business or other transactions on the Web.

Digital Signature - A tool used to authenticate the sender of a message and to establish the origin of the message and the identity of the sender. It is unique for every transaction and created with a private key.

Hash Functions - These are different from Secret Key Cryptography (SKC) and Public Key Cryptography (PKC). They use no key and are also called one-way encryption. Hash functions are mainly used to ensure that a file has remained unchanged.

Public Key Cryptography - (PKC): Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key.

Secret Key Cryptography - (SKC): Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption.

User Identification - (User ID, UID) Information (aka credential) that is used to uniquely identify or define attributes about an individual's or entity's identity.

Information security handles risk management. Anything that can act as a risk or a threat to the CIA triad must be managed: information cannot be changed, altered or transferred without permission. For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptography tools can help mitigate this security threat. Digital signatures can improve information security by strengthening authentication processes and prompting individuals to prove their identity before they can gain access to computer data.
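
An added example (not part of the original post) of the modified-message scenario above, using Python's standard hashlib and hmac modules. It shows why a hash function, which uses no key, only catches changes when the digest itself cannot be replaced, while a tag made with a shared secret key still detects the modification. HMAC is used here in place of a digital signature, which would need a private key; the message text and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def sha256_digest(message: bytes) -> str:
    """Unkeyed hash: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> str:
    """Keyed tag (HMAC-SHA256): only holders of the shared secret key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so it does not leak where a mismatch starts
    return hmac.compare_digest(mac_tag(key, message), tag)


def simulate_transit(key: bytes) -> dict:
    """Constructed scenario: report what each integrity check says about a changed message."""
    original = b"Pay 100 to account 12345"  # constructed sample message
    altered = b"Pay 900 to account 99999"   # what arrives after modification in transit

    sent_digest = sha256_digest(original)
    sent_tag = mac_tag(key, original)
    # Whoever changes the message can recompute an unkeyed hash, but not the keyed tag.
    replaced_digest = sha256_digest(altered)

    return {
        "untouched_hash_ok": verify_hash(original, sent_digest),
        "untouched_mac_ok": verify_mac(key, original, sent_tag),
        "altered_old_hash_ok": verify_hash(altered, sent_digest),
        "altered_new_hash_ok": verify_hash(altered, replaced_digest),
        "altered_mac_ok": verify_mac(key, altered, sent_tag),
    }


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)  # secret key known only to sender and recipient
    for check, ok in simulate_transit(shared_key).items():
        print(f"{check}: {ok}")
```

The recipient should therefore obtain a plain hash over a separate trusted channel, or rely on a keyed tag or digital signature when the message and its check value travel together.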


Up Next: Network Security



