Information security is the exercise of protecting information from unlawful access, use, disclosure, disruption, modification, perusal, inspection, recording or damage. It is a general term that can be used regardless of the form the data may take.
The basic principles or key concepts that make up the information security are
- Non – repudiation.
Confidentiality refers to preventing the revelation of information to unauthorized individuals or systems. Confidentiality is necessary for maintaining the privacy of the people whose private information a system holds.
In information security, data integrity means maintaining and assuring the accuracy and stability of data over its entire life-cycle. This means that data cannot be tailored in an unauthorized or undetected manner. Information security systems typically provide message integrity in addition to data confidentiality.
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information. High availability systems aim to remain obtainable at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.
In computing, e-Business, and information security, it is required to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be. Some information security systems include authentication features such as "digital signatures", which give evidence that the message data is genuine and was sent by someone possessing the proper signing key.
Non - Repudiation
Non-repudiation implies one's intent to fulfil their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.
- Information security uses cryptography to change usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption.
- Information that has been encrypted (rendered unusable) can be transformed back into its unique usable form by an authorized user, who possesses the cryptographic key, through the process of decryption.
- Cryptography is used in information security to protect information from unauthorized or unintended revelation while the information is in transit (either electronically or physically) and while information is in storage.
- Steganography (Listen) is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
- The advantage of steganography over cryptography alone is that messages do not attract attention to themselves.
- Cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.
- Information security is extremely easy to utilize. For defence of less sensitive material users can simply password protect files? For the more insightful material users can install biometric scanners, firewalls, or detection systems.
- As technology increases so will the crimes linked with it. Making the use of information security very worthwhile.
- It keeps vital private information out of the wrong hands.
- For the government it keeps top undisclosed information and capabilities out of terrorist and enemy nation's hands.
- Information security protects users priceless information both while in use and while it is being stored.
- A technology is always changing so users must always purchase upgraded information security.
- Since technology is always changing nothing will ever be completely secure.
- If a user miss’s one single area that should be protected the whole system could be compromised.
- It can be extremely complicated and users might not totally understand what they are dealing with.
- It can slow down productivity if a user constantly has to enter passwords.
Real Time Examples
- Financial institutions.