What are the principles or prin of information security? Also, why is it important to learn about these?
To sum up, information security protects information. And we need to do so today.
News about hacks and breaches happen. So, we should do something on our part.
How can the prin of information security help us do that?
Read on to learn more. But first, let’s define what information security means.
What Is Information Security?
In short, InfoSec protects information. And these include online and offline.
It also means that only a limited number of people can see and access the information. But, how is that possible?
To do so, it’s vital to put security controls. One example is applying passwords. So, only you can see it.
Then, how does information security work?
Usually, infosec experts apply it. But, we should also do something on our part.
Still, you may ask yourself. ‘Why should I do that?’
Today, there are criminals anywhere. And information security is not exempted.
Besides, these cybercriminals are getting smarter. And they have so many ways to steal information.
But, it’s not only stealing. They even frighten people and companies. Just so they give them money.
If not, they will sell the stolen information to other people. So, you don’t only lose your files or data.
You can even lose your identity. Worse, you can also lose your money. And this happens if they access your bank information.
In companies, they suffer from a bigger loss. Aside from money, they also lose customers.
Having security incidents will make customers think that a company is not trusted. So, they can also lose their reputation.
And this will go on for years. Some even closed their doors because of the damage.
So, we should do something to stop that. Whether you are an individual or a company, take action. But how?
We should apply security controls. And these controls should be based on the prin of information security.
So, what are these? Continue to read on.
What Are the Prin of Information Security?
Experts made the CIA triad as the foundation of information security. These principles are:
- Confidentiality
- Integrity
- Availability
Prin of Information Security: Confidentiality, Integrity, Availability
Confidentiality
It means keeping the information private or secret. So, we should limit the persons who can see and access it.
For example, not all employees can see the Payroll database. But, only those who are Payroll employees.
Companies can also set controls, such as:
- strong access controls
- authentication processes
- training of employees
Integrity
It means keeping information correct and consistent. So, it prevents changing of information.
For example, customers expect the correct prices of a store. So, prices in the racks should be the same when entering the cashier.
To keep information reliable, companies can also do the following:
- digital certificates
- digital signatures
- version control
Availability
It means keeping information functional by making it available when needed.
For example, the ATM machine is available in public. It is also accessible even when the bank is already closed.
Companies can also do the following to avoid compromise:
- regular back-up of data
- regular software patching
- updated system upgrades
