Ch2 - 2.01 - Goals of Information Security Flashcards
Confidentiality
One of the goals of information security is to ensure confidentiality, so that only authorized persons can gain access to information and read it. Technologies such as permissions and encryption can be used to keep information confidential.
Integrity
The concept of data integrity is to ensure that when data is sent from a source to a destination, the information received at the destination has not been altered in transit. Data integrity also means that if you store a file on the drive and open it later, you can be certain that the data has not been altered while in storage.
Solutions such as permissions also help protect data integrity: if you control who is allowed to modify the data, you can protect it from unauthorized changes.
Availability
Availability, the third fundamental goal of information security in the CIA triad, is the concept of ensuring that information is available when the user wants it. This is an often-overlooked aspect of information security.
Availability - Popular Solutions
- Permissions
- Backups
- Fault tolerance
- Clustering
- Patching
Accountability
Accountability is ensuring that users are accountable for their actions—if someone inappropriately deletes a file, for example, a record of that action exists to hold them accountable.
Accountability - Popular Methods
- Log Files
- Audit Files
- Firewalls and Proxy Servers
- Application Logging