General Security Principle: Introduction
The CIA triad is a core principle of information security governing the safe use, flow, and storage of information. CIA stands for confidentiality, integrity, and availability, the three main objectives of information security. For a deeper look at these objectives, check out our security training classes.
· The Application Access Layer defines the notion that access to end-user applications has to be constrained to business need-to-know.
· The Infrastructure Access Layer describes the notion that access to infrastructure components (for instance, servers) has to be constrained to business need-to-know.
· The Physical Access Layer describes the notion that physical access to any system, server, computer, data centre, or other physical object storing confidential information has to be constrained to business need-to-know.
· The Data In Motion Layer describes the notion that data has to be protected while it is in transit between systems.
· The icon at the centre of the illustration represents the information itself, which is the reason the CIA principles exist: every surrounding layer is there to protect sensitive information.
Confidentiality
The aim of confidentiality is to ensure that information is hidden from people who are not authorized to access it. The confidentiality principle dictates that information should only be viewed by people with the appropriate privileges. The science (and art) used to ensure data confidentiality is cryptography, which involves encryption and decryption methods.
Confidentiality can be easily breached, so each employee in an organization should be aware of his responsibilities in maintaining the confidentiality of the information entrusted to him for the exercise of his duties. For instance, an employee who lets someone glance at his screen while confidential information is displayed on it may already have committed a breach of confidentiality.
Furthermore, confidentiality and privacy are often used interchangeably. Below, we discuss cryptography and effective ways of protecting confidentiality, and we have included some tips on confidentiality agreements.
Cryptography
Cryptography's beginnings can be traced back thousands of years. However, contemporary cryptography differs substantially from the classical kind, which used pen and paper for encryption and was far less complex. The Enigma rotor machine and the subsequent emergence of electronics and computing enabled much more elaborate schemes and allowed confidentiality to be protected much more effectively.
Encryption is an accepted and effective way of protecting data in transit and is increasingly being used to protect data at rest as well. The Computer Security Institute published the results of a survey in 2007 which showed that 71% of businesses used encryption for some data in transit, while 53% used encryption for selected data at rest. The techniques for preserving confidentiality differ depending on whether the data is in motion, at rest, or a physical object. Naturally, access controls are also a necessity for maintaining confidentiality: encryption only moves the secret from the data to the key, so access to the keys and to the systems that decrypt the data must be controlled as well. Access controls can be based on passwords, biometrics, or a combination of both. For physical records the means of protection are similar: access to the area where the information is kept may be granted only with the proper badge or another form of authorization, the records can be locked in a safe or a filing cabinet, and the area can be covered by access controls, cameras, security staff, and so on.
Encryption transforms data into an unreadable form that can only be restored to its original form with the correct key. In manual encryption, the user runs the encryption software and chooses what to encrypt. In transparent encryption (full-disk encryption is a common example), encryption and decryption happen automatically, without any intervention on the side of the user.
Symmetric encryption uses a single secret key for both encryption and decryption, so that key is the only means of reading the data and must be shared between the parties and kept secret. The classical substitution ciphers are symmetric in this sense, but modern symmetric ciphers such as AES operate on bits rather than characters. Asymmetric encryption, by contrast, uses two keys, a public key and a private key. Any person may encrypt information with the public key, but it can only be decrypted by the holder of the private key.
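The following Go program is an added example, not code from the original article, showing both schemes described above with the Go standard library: AES-256-GCM for symmetric encryption (one shared key) and RSA-OAEP for asymmetric encryption (public key encrypts, private key decrypts). The sample message is constructed for the demonstration, and the function and type names are the example's own. It also shows the two checks a practitioner wants: decrypting with a wrong symmetric key is rejected rather than producing garbage, and an unrelated private key cannot decrypt what the public key encrypted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SymmetricEncrypt seals plaintext with AES-256-GCM under a 32-byte key.
// The same key is required to decrypt; output is nonce || ciphertext || tag.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Fresh random nonce per message; reusing a nonce under one key breaks GCM.
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt reverses SymmetricEncrypt. A wrong key or any tampering
// fails the authentication tag check, so no plaintext is returned at all.
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// AsymmetricEncrypt: anyone holding the public key can produce a ciphertext.
func AsymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// AsymmetricDecrypt: only the matching private key recovers the plaintext.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Outcome records what the demonstration observed (hypothetical type for this example).
type Outcome struct {
	SymmetricRoundTrip  bool // right key recovers the plaintext
	WrongSymmetricKey   bool // a different key is rejected, not decrypted to garbage
	AsymmetricRoundTrip bool // holder of the private key recovers the plaintext
	WrongPrivateKey     bool // an unrelated private key is rejected
}

// Demo runs both schemes over a constructed sample message.
func Demo() (Outcome, error) {
	var out Outcome
	msg := []byte("constructed sample: quarterly payroll export") // sample input, not real data

	key := make([]byte, 32) // AES-256 key; in practice from a KMS or key derivation, never hard-coded
	if _, err := rand.Read(key); err != nil {
		return out, err
	}
	sealed, err := SymmetricEncrypt(key, msg)
	if err != nil {
		return out, err
	}
	got, err := SymmetricDecrypt(key, sealed)
	out.SymmetricRoundTrip = err == nil && bytes.Equal(got, msg)

	wrongKey := make([]byte, 32)
	if _, err := rand.Read(wrongKey); err != nil {
		return out, err
	}
	_, err = SymmetricDecrypt(wrongKey, sealed)
	out.WrongSymmetricKey = err != nil

	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	ct, err := AsymmetricEncrypt(&priv.PublicKey, msg)
	if err != nil {
		return out, err
	}
	got, err = AsymmetricDecrypt(priv, ct)
	out.AsymmetricRoundTrip = err == nil && bytes.Equal(got, msg)

	other, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key pair
	if err != nil {
		return out, err
	}
	_, err = AsymmetricDecrypt(other, ct)
	out.WrongPrivateKey = err != nil
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Note the asymmetry in what the two schemes need: the AES key must be delivered to the recipient in secret, while the RSA public key can be published freely and only the private key needs protecting. RSA-OAEP can only encrypt a short message (well under the key size), which is why real systems use the public key to encrypt a symmetric key and the symmetric key to encrypt the bulk data.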
Watch this space
for more information on this topic!