- Get link
- X
- Other Apps
Information security does not mean protecting the security system but maintaining the information assets normally. According to the information security policy, there are three factors that must be considered in order to protect information assets.
- Confidentiality
- Integrity
- Availability
1. Confidentiality
There are various types of confidential information handled by companies, such as customer information, new product information, and personal information of employees.
It is important to maintain confidentiality so that such highly confidential information cannot be easily stolen or tampered with.
2. Integrity
Cyber attacks were generally aimed at obtaining highly confidential information.
However, in recent years, there have been many crimes of falsifying data and demanding money to recover such data.
In other words, integrity guarantees that the acquired data is safely and reliably preserved in its original state.
3. Availability
Availability refers to the availability of information assets to the people who need them when they need them. Therefore, in order to ensure availability, it is a prerequisite that confidentiality and integrity are ensured.
The following can be considered as concrete measures to be taken based on these three factors.
1. Confidentiality
This includes setting IDs and passwords.
However, it is not enough to set a password, it is also important to make it difficult to identify or change it regularly.
2. Integrity
It is also a countermeasure to limit the people who can access and modify the data and keep the history.
3. Availability
Specifically, this is to make a backup of the data.
Since it is an important factor of availability that recovery can be performed immediately in the event of a disaster, it is necessary to take measures such as regularly backing up to an external storage device and duplicating the network and system.
The three elements of information security are just the requirements needed to protect information assets.
If these three factors are lost, what kind of damage will occur, and it is important to anticipate the risks in order to avoid them.
Therefore, it is very important to thoroughly disseminate the information security policy from the management to the site and the outsourced business.
Confidential information varies depending on the type of business and business type. It is urgent to formulate the optimal policy for your company while incorporating the opinions of experts.
What Are the 7 Elements of Security?
So far, we have explained the three elements of security, but in reality, four elements have increased, and they are sometimes called "seven elements of security ."
The added elements are "authenticity", "accountability", "reliability", and "non-repudiation" .
This time, I will briefly introduce the four new elements that have been added.
4. Authenticity
Simply put, you can authenticate that the person you are trying to access is who you say you are. As a concrete measure, "digital signature" etc. is applicable.
5. Accountability
Being able to track who was responsible for what could or caused an incident. One specific measure is to manage who performed the operation or tampering with a system that keeps access logs and operation logs.
6. Reliability
In information processing, the intended operation is surely performed. Even without human error, data can be tampered with due to system bugs. Eliminating system bugs is one measure.
7. Non-repudiation
It is possible to prove that actions and events related to information resources cannot be denied later. This can also be achieved by leveraging digital signatures.
Finally:
As introduced in this article, the three elements of information security have now increased to seven elements. It can be considered that information security measures are becoming more sophisticated and subdivided.
So far as discussed, data security has similar importance as information security. Using a free antivirus is a basic priority for online threats.
Comments
Post a Comment