About Information Security 3 Principles Analyst Access Control Introduction Answers Training With Example Cia Triad Concept C Stands
Hello everyone, and welcome to my website, information security booth. This is Preethi. Today we'll be talking about security, information security, its objectives, the need for security in our day-to-day life, and what information security policy we can follow at the organization level.
So without further ado, let's get into the article. What is security? Security is nothing but the protection of our belongings from the malicious actors in this world. A few examples of security are asset, corporate, house, food, national, human, and information security. We will be covering information security in this article, but we'll also look at what the other security types are.
Nowadays, everyone uses mobiles, telephones, laptops, and desktops to communicate. All of these are IT assets that we use in our day-to-day life, and we are dependent on them; they are part of our life, and our critical data is stored on these devices.
Our main plan is to keep the information that is important to us, and the belongings that we have, secured. We put passwords on our mobiles and PINs on our laptops and desktops so that an unauthorized person is not able to access the asset. This applies in our day-to-day life at the personal level as well as at the corporate level.
Next, we have national security. National assets such as trains, ships, submarines, local commuter metros, and the merchant ships that carry goods, products, and services also need to be secured at the national level.
Moving on to medical and pharmaceutical: medical and pharmaceutical companies need to ensure that the data their patients give them is secured. Whether patients visit for routine checkups or one-time checkups, there is health information and personal information of the patient that these companies store and process in their databases. So they need to ensure that their data, be it on-premises or in the cloud, is secured.
Moving on to houses and institutes: these also play a very important role, because we keep our belongings in our houses, and there is critical information in institutes of any kind, like colleges and government authorities. Several kinds of security can be put in place to secure this infrastructure: CCTV, biometric systems, and smart locks, to ensure that only an authorized person can enter the premises.
Moving on to the next one, information security. As we discussed, information security is a type of security; in this domain, we aim to prevent any unauthorized use, access, modification, or deletion of information.
Here the two important terms are "unauthorized" and "information". An unauthorized user is any user who is not supposed to have access to certain information but is able to access it in some illegal way.
Next is information. Information is high-level knowledge that carries some meaning; some analysis can be concluded from it. Data is low-level knowledge; we will not necessarily be able to conclude anything from data. As a one-line statement: information is nothing but data that has some meaning. Information can be in physical form as well as electronic form: we can store it on our mobiles, or we can keep our credentials or information in physical form, like hard-copy paper.
Moving on to the next one, the objectives of information security. Now that we have discussed what security and information security are, we need to know what the pillars of information security are if we are going to implement it in our day-to-day life. The pillars of InfoSec are CIA, that is, confidentiality, integrity, and availability. We are going to cover each one of these.
Confidentiality is the pillar that ensures that information is not leaked out of the transmission channel to any unauthorized user. We need to ensure that no unauthorized user has access to information that is critical to us, whether that information is at rest or in transmission, and that only the authorized person, someone who is supposed to have that access, has it. The controls we can put in place here include multi-factor authentication. For example, whenever we access a bank site, we enter our credentials (login ID or email ID and password) and then an OTP. The OTP is a second level of authentication to ensure that I am authorized to access that particular account. That is confidentiality.
Now moving on to the next one, integrity. Integrity means ensuring that the accuracy and completeness of the data are maintained and that no unauthorized user modifies the data during its transmission. A control we can put in place for integrity is encryption: the receiver who is supposed to receive the information has a specific key that can open it.
Moving on to the next one, availability. Availability means that the information must be available to all authorized individuals at any point in time, whenever they need it. Even if there is a system failure, we need to ensure that the data is available to the authorized users. The controls we can put in place here include having a disaster recovery plan and a continuity plan; in case of any disaster or natural calamity, we need to have a backup in the cloud or on-premises to ensure that the data is available to all authorized users.
Moving on to the next one, the need for information security: why do we need information security nowadays? We see that people are greedy; there are organizations, and there are countries, willing to pay millions of dollars for any critical information that they can steal. To ensure that the company's information is protected and secured, we need information security. Let's start with the first bullet point: protecting the functionality of an organization.
To give you an example, suppose a ransomware attack happens at an organization. Its information won't be available to its employees or its clients, which can be a great business loss and can lead to a loss of functionality: the organization won't be able to function for a certain period of time. So to ensure that the functionality of the organization is not hampered, information security is very important.
Next is enabling the safe operation of applications. Nowadays, organizations build applications on platforms; once an application is in their environment, its operation should be secured. So a secure SDLC, that is, a secure software development life cycle, should be followed throughout the application's stages and phases.
Moving on to the next one: securing the data that the organization stores, processes, and handles. Wherever there is a contract between a customer and the organization, there will be data that the organization processes, stores, or handles under its responsibility. The organization is accountable for that data; it needs to ensure that the data is secured, so it must put controls in place accordingly.
Moving on to the next one: safeguarding all technology assets in an organization. We know that information is important and critical, and employees use that information on the assets the organization provides, such as laptops, desktops, tablets, and mobile phones. So the organization needs to ensure that the technology assets, the IT assets that employees use, are secured: that encryption is in place, and that standard patch management, standard operating system upgrades, and much more are followed. Last but not least, we are going to cover attracting potential customers to the organization.
Moving on to the next one, information security policy. What is an information security policy? It is nothing but a document that the organization creates or establishes based on its needs and requirements, as well as those of its interested parties, that is, its customers. It is important that the customers' requirements are also fulfilled through the information security policy. The policy ensures that the data being stored, processed, or handled is protected, whether at rest or in transmission. These are a few of the programs and policies that can be added to the organization-level information security policy.
Moving on to the next one: the relevant legislation across countries and regions. Several pieces of legislation exist throughout the world, where countries have certain acts and orders in place to ensure that the data in that country or region is protected and is not vulnerable to exploitation. These are a few of them; we will be covering each one in our next article.
What are the 3 principles of information security?
What is information security? Information security (InfoSec) refers to practices designed to protect electronic, print, or any other form of confidential information from unauthorized access. The terms information security and cyber security are often used interchangeably. The definition of information security relates to the protection of all forms of information.
Cyber security is the practice of protecting electronic data from being hacked, compromised, or accessed without authorization. Data can be called information in specific contexts; however, the terms have different meanings. Data is an individual unit containing raw and unorganized facts; information is a meaningful form of data after it is structured in a particular fashion.
Information security is also known as InfoSec for short. The CIA triad, confidentiality, integrity, and availability, comprises the three core principles of information security. Data protection risks are calculated based on likelihood and the impact on each of these three security principles.
C - confidentiality: The purpose of confidentiality is to protect data from unauthorized access. This is made possible by implementing access restrictions that allow access to authorized entities only. Examples of data confidentiality compromise are unauthorized disclosure, password theft, and sensitive information theft.
I - integrity: Integrity means preserving the accuracy and completeness of data. This element ensures that data has not been tampered with and can be trusted. An example of data integrity compromise is the altering of data during transfer due to unauthorized access.
A - availability: This refers to the availability of data when authorized users require it. Devices, systems, applications, and data are of little value to any organization if its customers can't access them when they need them. Preventing denial-of-service attacks is an example of ensuring data availability.
Fulfillment of information security principles and compliance is an ongoing process, due to today's complexities between different systems and the constant changes from ongoing data flows and improvements.
What are the 5 components of information security?
We will discuss the components of an information system, or computer-based information system. A computer-based information system is comprised of people, hardware, software, data, and a network and communication system.
The first component is people. People can be IT professionals like system administrators, programmers who develop the programs, and end users, who use the hardware and software to retrieve the desired information. The second is the computer system, which is a combination of hardware and software. Hardware is the substantial part that physically exists, which we can touch and see. It includes all the devices that perform the functions of an information system: input devices, for example keyboard, reader, mouse, etc.; processing devices, which include the CPU (central processing unit) and main memory; and storage devices, which are used for storing the data in memory.
Storage includes internal and external memory. Output devices are used for outputting the data, that is, the result of the problem; they include monitors, printers, and display screens.
Next is software. Software is a set of instructions, or we can say a set of programs. It can be used through programming, and it includes system software and application software. Next is data. We all know that data is a meaningless fact: a piece of information that has no context. It can be quantitative or qualitative.
Next is the network and communication system. A network is a collection of interrelated computers. The communication system and network include physical devices, meaning hardware, and software. The two are linked to each other for transferring information from one physical location to another via the network. So these are the components of the information system.
What is the CIA Triad concept?
It's not the CIA you're thinking of. In information security, the CIA triad means confidentiality, integrity, and availability. It's an organizational model designed to guide information storing policies. Its three elements are considered the three most crucial components of security. Confidentiality is a set of rules that limits access to information. It's comparable to privacy.
Ensuring confidentiality means the right people can access sensitive information while the wrong people cannot. This can be accomplished through data encryption, two-factor authentication, and biometric verification methods. Integrity is the assurance that the information is trustworthy and accurate. It involves maintaining data consistency and accuracy over its entire lifecycle. Measures like file permissions and user access control ensure that unauthorized people can’t change data. At the same time, checksums and backups safeguard data from non-human threats, like an electromagnetic pulse or server crash.
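The integrity controls described above, as an added example that is not part of the original article: an unkeyed checksum catches accidental corruption, while catching an unauthorized change that also replaces the stored checksum needs a keyed check (HMAC is used here and goes slightly beyond what the article names). The record, key, and function names are constructed for illustration.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA-256 tag: only holders of `key` can produce a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), expected)


def demo() -> dict:
    key = b"constructed-demo-key"            # constructed; real keys live in a secret store
    record = b"account=1001;balance=250.00"  # constructed sample record
    stored_sum, stored_tag = checksum(record), keyed_tag(key, record)

    # Non-human fault: one bit flips in storage or transit.
    corrupted = bytearray(record)
    corrupted[-1] ^= 0x01
    corrupted = bytes(corrupted)

    # Unauthorized change: the record and the values stored beside it are
    # rewritten by someone who does not hold the key.
    modified = b"account=1001;balance=950.00"
    replaced_sum = checksum(modified)
    replaced_tag = keyed_tag(b"not-the-real-key", modified)

    return {
        "original_verifies": verify_checksum(record, stored_sum)
        and verify_tag(key, record, stored_tag),
        "bit_flip_caught_by_checksum": not verify_checksum(corrupted, stored_sum),
        "rewrite_passes_checksum": verify_checksum(modified, replaced_sum),
        "rewrite_caught_by_hmac": not verify_tag(key, modified, replaced_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

All four results are true: the plain checksum protects against faults, and the keyed tag is what ties a valid record to someone authorized to write it.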
Availability is the guarantee of reliable access to the information. It's best ensured by rigorously maintaining all hardware, staying up to date with all system upgrades, providing bandwidth, and preventing bottlenecks; fast disaster recovery is also essential. Big Data poses extra challenges to the CIA triad simply because of the sheer volume of information, sources, and format variety. The Internet of Things also challenges the CIA triad.
Unpatched internet-connected devices, often configured with weak passwords, can easily be exploited by bad actors. Something like a WiFi-enabled light bulb could be exploited and used as an attack vector. How does your organization embrace the CIA triad? Let us know in the comments below.