Confidentiality
Confidentiality means keeping information secret from unauthorized access and is
probably the most widely recognised aspect of information security. It is important to
protect confidential information. An organization needs to guard against malicious
actions that endanger the confidentiality of its information. For example, an account
holder is authorized to see his own account transactions online, and no other account
holder can access this data because it is confidential.
Integrity
Information needs to be changed constantly. In a bank, when a customer deposits or
withdraws money, the balance of their account needs to be changed. Integrity means
that changes should be made only by authorized users and through authorized
mechanisms. Moreover, the changes should be reflected at every endpoint from which the
changed information is accessed.
Availability
The third component of information security services is availability. The information
created and stored by an organization needs to be available to authorized users and
applications. Information is useless if it is not available to authorized users.
Information needs to be changed constantly, which means that it must be accessible to
those authorized to access it. Unavailability of information is just as harmful to an
organization as a lack of confidentiality or integrity. Imagine what would happen to a
bank if the customers could not access their accounts for transactions. Therefore,
information should be accessible and usable upon appropriate demand by an
authorized user, and availability is the prevention of unauthorized withholding of
information.
Authentication
Authentication is the process by which a person or other entity proves that it is who
(or what) it says it is. For example, a bank authenticates the person or entity it deals
with before transferring something valuable, such as information or money, to or from it.
Authentication is achieved by presenting some unique identifying evidence to the
endpoint that is undertaking the process. An example of this process is the way you
authenticate yourself with an ATM: here you insert your bank card (something you
have) and enter your personal identification number (PIN, something you know).
Another example is the authentication process for an email account. In this case, you
have the email address and you know the corresponding account password needed to
access the account.
Non-Repudiation
Non-repudiation is the prevention of either the sender or the receiver denying a
transmitted message. A system must be able to prove that certain messages were sent
and received. Non-repudiation is often implemented by using digital signatures. For
example, if user A sends a message to user B, then at a later stage user A should not be
able to deny having sent the message to user B.
Other Security Services
Access Control
Access control means controlling access through identification and authentication. A
system needs to be able to identify and authenticate users before granting access to
data, applications and hardware. In a large system there may be a complex structure
determining which users and applications have access to which objects. This is done
through an Access Control List (ACL). For example, an account holder checking his
data online can only view the data but cannot modify it. This is because access is
granted to the user on the basis of his role and identity.
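The bank example above, worked as an added illustration that is not part of the original post: a request is first authenticated (something you know, checked against a salted password hash) and then authorized against an ACL. The user names, passwords, account identifiers and permitted operations are constructed sample data.

```python
import hashlib
import hmac
import os

def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored credentials are not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str) -> tuple:
    salt = os.urandom(16)  # fresh random salt per user
    return (salt, _hash_password(password, salt))

# Constructed credential store: username -> (salt, password hash).
USERS = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("battery staple"),
}

# Constructed ACL: object -> subject -> permitted operations.
# Account holders may only view their own account; the teller may update it.
ACL = {
    "account:1001": {"alice": {"view"}, "teller": {"view", "update"}},
    "account:1002": {"bob": {"view"}, "teller": {"view", "update"}},
}

def authenticate(username: str, password: str) -> bool:
    """Identification (username) plus proof of identity (password)."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, _hash_password(password, salt))

def authorize(subject: str, obj: str, operation: str) -> bool:
    """Access control: the ACL decides what an authenticated subject may do."""
    return operation in ACL.get(obj, {}).get(subject, set())

def request(username: str, password: str, obj: str, operation: str) -> str:
    """Authentication always precedes authorization; deny by default."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, obj, operation):
        return "denied: not permitted by ACL"
    return "allowed"
```

Alice can view account 1001 but not update it, and Bob cannot view it at all, which is confidentiality and integrity enforced by the same ACL lookup.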