November 1, 2017

The Main Goals of IT Security

The main goals of IT security are known as CIA:
  • Confidentiality
  • Integrity
  • Availability
Confidentiality - Prevent unauthorized disclosure. This must be enforced when data is at rest (encrypted and not readable by unauthorized persons), in process (securely handled by the server or client) and in transit (sent securely over the network).

Integrity - Data is consistent and not modified by unauthorized persons. This must be upheld when data is at rest (e.g. not altered by a DB admin), in process (e.g. not altered by a trojan on the server) and in transit (e.g. not altered by a man-in-the-middle attack).

Availability - Information is accessible to authorized persons in a timely manner.

Different organizations value these goals differently.
Some place more value on Confidentiality (keeping secrets secret), e.g. military secrets or company trade secrets.
Others prioritize Integrity, e.g. financial transaction values.
And others place more value on Availability, e.g. e-commerce web sites.
