
Security - Is The Sense of Being Safe or Protected From Deliberate or Accidental

The document discusses information security and defines it as protecting information from deliberate or accidental threats to ensure it remains safe, private, and available only to authorized users. It outlines the CIA triangle model of confidentiality, integrity, and availability that is used as a framework for protecting information. Confidentiality involves classifying data to restrict access, integrity means data is accurate and unaltered, and availability means authorized users can access the system and information at all times. The document also discusses components of an information security architecture like policies, security personnel, monitoring equipment, and auditing tools that are used to implement the CIA model. It covers security access points, threats, and vulnerabilities related to people, applications, networks, operating systems, databases, and

Information Security

Security is the sense of being safe or protected from deliberate or accidental
threats.
Information is one of an organization's most valuable assets, and many
companies have an information security department that protects the information
and assures employees and managers that the information is safe.
Safe in the sense that it is protected from access by unauthorized users.
Information Security
Consists of the procedures and measures taken to protect each component of
the information system involved in producing information.
Protecting data, hardware, software, networks, procedures and people.
According to the National Security Telecommunications and Information
Systems Security Committee (NSTISSC), the concept of information security
is based on the C.I.A Triangle.
C - stands for Confidentiality
I - stands for Integrity
A - stands for Availability
The C.I.A triangle is a framework for protecting information.
C.I.A should guide your efforts to enforce information integrity and shield
data from being tampered with by unauthorized persons, being modified
accidentally by employees, or losing consistency because of incorrect coding
of business requirements and rules.

[Figure: Information Security C.I.A Triangle]
   Confidentiality:
   *data and information are classified into different levels of
    confidentiality to ensure that only authorized users access the
    information.
   Integrity:
   *data and information are accurate and protected from tampering by
    unauthorized persons.
   *data and information are consistent and validated.
   Availability:
   *system is available at all times only for authorized persons.
   *system is protected from being shut down due to external or internal
    threats or attacks.

Confidentiality

One of the principles of the C.I.A triangle.
Addresses two aspects of security that have subtle differences.
The first aspect is the prevention of unauthorized individuals from knowing or
accessing secret information.
The second aspect is the process of safeguarding confidential information and
disclosing secret information only to authorized individuals by means of
classifying information.
Integrity
Second principle of the C.I.A Triangle.
For information integrity to exist, the data upon which it is based must be
consistent and accurate throughout the system.
The integrity aspect of information security is vital, because it focuses your
attention on the most valuable asset, data, which in turn becomes
information.
Data is considered to have integrity if it is accurate and has not been
tampered with intentionally or accidentally.
Data must be protected at all levels to achieve full integrity.
Availability
This principle, with respect to information security, means that the system
should be available (accessible) to individuals who are authorized to access
the information, and the system should determine what an individual can do
with that information.

Information Security Architecture


Is a model for protecting logical and physical assets.
Overall design of a company's implementation of the C.I.A triangle.
The architecture components range from physical equipment to logical
security tools and utilities.

[Figure: Information Security - Confidentiality, Integrity, Availability;
Logical and Physical Assets]

Components of Information Security Architecture

1. Policies and Procedures - documented procedures and company policies that
elaborate on how security is to be carried out.
2. Security Personnel and Administrators - people who enforce and keep security
in order.
3. Detection Equipment - devices that authenticate employees and detect
equipment that is prohibited by the company.
4. Security Programs - tools that protect computer system servers from
malicious code such as viruses.
5. Monitoring Equipment - devices that monitor physical properties, employees,
and other important assets.
6. Monitoring Applications - utilities and applications used to monitor network
traffic and internet activities, downloads, uploads, and other network
activities.
7. Auditing procedures and tools - checks and controls put in place to ensure
that security measures are working.

Database Security
One function of database management systems is to empower the database
administrator to implement and enforce security at all levels of the database.
In order for you to protect your valuable data stored in your database, you
must know the various security access points that can make your database
vulnerable.
Security Access Point
Place where database security must be protected and applied.

1. People - individuals who have been granted privileges and permissions to
access applications, networks, workstations, servers, databases, data files,
and data. This means that people represent a risk of database security
violations. Database security must entail all necessary measures to secure
data within the database.
2. Applications - design and implementation, which includes privileges and
permissions granted to people. If these permissions are too loose, individuals
can access and violate data. If these are too restrictive, they do not allow
users to perform their responsibilities.
3. Network - one of the most sensitive security access points.
4. Operating System - defined as the authentication to the system, the gateway
to data.
5. DBMS - logical structure of the database, which includes memory, executables
and other binaries.
6. Data files - an access point that influences database security enforcement
is access to the data files where data resides. Through the use of permissions
and encryption you must protect data files belonging to the database.
7. Data - deals with the data design needed to enforce data integrity, the
application implementation needed to ensure data validity, and the privileges
necessary to access data.
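The data files access point and the integrity principle can be checked together with a small audit. The following is an added example, not part of the original document: it flags data files whose permissions let accounts other than the owner reach them, and files whose content no longer matches a recorded SHA-256 baseline. The file names, the .dbf extension and the function names are assumptions made for illustration, and the sample files are constructed.

```python
import hashlib
import os
import stat
import tempfile

LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other access bit


def sha256_of(path):
    """Hash a file in chunks so large data files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_data_files(directory, baseline):
    """Return (file name, problem) findings; baseline maps name -> known-good SHA-256."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & LOOSE_BITS:
            findings.append((name, "loose permissions %o" % mode))
        if sha256_of(path) != baseline.get(name):
            findings.append((name, "content differs from baseline"))
    return findings


def demo():
    """Audit constructed sample files (names and contents are made up)."""
    with tempfile.TemporaryDirectory() as directory:
        samples = {"users.dbf": 0o600, "orders.dbf": 0o644, "audit.dbf": 0o600}
        baseline = {}
        for name, mode in samples.items():
            path = os.path.join(directory, name)
            with open(path, "wb") as handle:
                handle.write(b"constructed sample data for " + name.encode())
            os.chmod(path, mode)
            baseline[name] = sha256_of(path)
        # Simulate an accidental or unauthorized change made after the baseline.
        with open(os.path.join(directory, "audit.dbf"), "ab") as handle:
            handle.write(b" tampered")
        return audit_data_files(directory, baseline)


if __name__ == "__main__":
    print(demo())
```

A file missing from the baseline is also reported as differing, so files that appear in the data directory without being recorded show up in the findings.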
Menaces to Database
1. Security vulnerability - a weakness in any of the information system
components that can be exploited to violate the integrity, confidentiality, or
accessibility of the system.
2. Security threat - security violation or attack that can happen any time
because of security vulnerability.
3. Security risk - a known security gap that a company intentionally leaves
open.
Types of Vulnerabilities

Category: Installation and configuration
Description: This results from using a default installation and
configuration that is known publicly and usually does not enforce any
security measures. Improper configuration or installation may result in
security risks.
Examples:
-Incorrect application configuration that may result in application
malfunction.
-Failure to change default password.
-Failure to change default permissions and privileges.

Category: User mistakes
Description: Carelessness in implementing procedures, failure to follow
through, or accidental errors.
Examples:
-Lack of auditing controls.
-Untested disaster recovery plan.
-Lack of protection against malicious code.

Category: Software
Description: Relates to vulnerabilities found in commercial software.
Examples:
-Software contains bugs.
-Software patches not applied.

Category: Design and implementation
Description: Related to improper software analysis and design as well as
coding problems and deficiencies.
Examples:
-System design error.
-Input data is not validated.
