written 6.2 years ago
The Three Security Goals are Confidentiality, Integrity and Availability.
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. It includes the following two concepts:
Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. It includes the following two concepts:
Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system.
Integrity models have three goals:
Prevent unauthorized users from making modifications to data or programs
Prevent authorized users from making improper or unauthorized modifications
Maintain internal and external consistency of data and programs.
An example of an integrity check is balancing a batch of transactions to make sure that all the information is present and accurately accounted for.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Assures that systems work promptly and that service is not denied to authorized users. Information security professionals usually address three common challenges to availability:
Denial of service (DoS) due to intentional attacks or because of undiscovered flaws in implementation (for example, a program written by a programmer who is unaware of a flaw that could crash the program if a certain unexpected input is encountered)
Loss of information system capabilities because of natural disasters (fires, floods, storms, or earthquakes) or human actions (bombs or strikes)
Equipment failures during normal use
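The integrity example above (balancing a batch of transactions) can be made concrete. The following is an added example, not code from the original answer: it checks a constructed batch against producer-supplied control totals (record count, net amount, and a hash total over the transaction-id digits), and then adds a keyed HMAC-SHA256 tag over the canonical batch. The batch contents, field layout and shared key are assumptions made for illustration. The point it shows beyond the text is that control totals catch accidental loss or corruption, but a deliberate change that preserves every total (swapping two amounts) passes balancing and is only caught by the keyed tag.

```python
"""Batch balancing plus a keyed integrity tag over a constructed batch of
transactions. Added example; the batch, the field layout and the key are
assumptions, not data from any real system."""
import hmac
import hashlib
import json

# Constructed sample batch: (transaction id, account, amount in cents).
SAMPLE_BATCH = [
    ("T001", "ACC-1", 12500),
    ("T002", "ACC-2", -3000),
    ("T003", "ACC-3", 7525),
    ("T004", "ACC-1", -2000),
]

# Hypothetical shared secret between the batch producer and consumer.
SHARED_KEY = b"example-batch-key-not-a-real-secret"


def control_totals(batch):
    """Control figures the producer sends alongside the batch: record count,
    net amount, and a hash total over the transaction-id digits (a number
    with no business meaning, used only to detect dropped or duplicated
    records)."""
    return {
        "count": len(batch),
        "net_amount": sum(amount for _, _, amount in batch),
        "id_hash_total": sum(int(tid.lstrip("T")) for tid, _, _ in batch),
    }


def balance_batch(batch, expected):
    """Compare the batch as received against the producer's control totals.
    Returns a list of discrepancy strings; an empty list means the batch
    balances (all records present and amounts account for the total)."""
    actual = control_totals(batch)
    return [
        f"{name}: expected {expected[name]}, got {actual[name]}"
        for name in ("count", "net_amount", "id_hash_total")
        if actual[name] != expected[name]
    ]


def _canonical(batch):
    # Fixed serialization so producer and consumer tag identical bytes.
    return json.dumps(batch, separators=(",", ":"), sort_keys=True).encode()


def seal_batch(batch, key=SHARED_KEY):
    """Keyed tag (HMAC-SHA256) over the canonical batch. Unlike control
    totals, it changes if any byte of any record changes."""
    return hmac.new(key, _canonical(batch), hashlib.sha256).hexdigest()


def verify_batch(batch, tag, key=SHARED_KEY):
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(seal_batch(batch, key), tag)


if __name__ == "__main__":
    totals = control_totals(SAMPLE_BATCH)
    tag = seal_batch(SAMPLE_BATCH)
    print("clean batch balances:", balance_batch(SAMPLE_BATCH, totals) == [])

    # A dropped record is caught by the count and the id hash total.
    dropped = SAMPLE_BATCH[:-1]
    print("dropped record:", balance_batch(dropped, totals))

    # Swapping two amounts keeps every control total intact, so balancing
    # cannot see it; only the keyed tag does.
    swapped = [SAMPLE_BATCH[0], ("T002", "ACC-2", 7525),
               ("T003", "ACC-3", -3000), SAMPLE_BATCH[3]]
    print("swapped amounts balance:", balance_batch(swapped, totals) == [])
    print("swapped amounts verify:", verify_batch(swapped, tag))
```

Control totals are an accounting control against accidental loss; they are not a defense against an adversary who can edit records. The keyed tag covers that second case, but only if the key is held by the producer and consumer and not by whoever can modify the batch in transit.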