Let’s discuss what computer security and information security are and why they are important.
First of all, information security means protecting information and information systems from unauthorized access, use, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information.
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management.
With the introduction of the computer, the need for automated tools for protecting the files and other information stored on the computer became evident. This is especially the case for a shared system such as the internet. Thus, computer security is the generic name for the collection of tools designed to protect data and to thwart hackers.
Computer Security rests on confidentiality, integrity and availability.
Confidentiality is the concealment of information or resources. Cryptography, which has traditionally been used to protect secret messages, can be a good choice for maintaining the privacy of information. Similarly, the privacy of resources, i.e. resource hiding, can be maintained by using proper firewalls. Confidentiality is sometimes called secrecy or privacy.
Confidentiality involves a set of rules or a promise, usually executed through confidentiality agreements, that limits access or places restrictions on certain types of information.
Integrity ensures the correctness as well as trustworthiness of data or resources. For example, if we say that we have preserved the integrity of an item, we may mean that the item is: precise, accurate, unmodified, modified only in acceptable ways, modified only by authorized people, modified only by authorized processes, consistent, meaningful and usable.
Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms. Prevention mechanisms maintain the integrity of data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways. Detection mechanisms, rather than preventing violations of integrity, simply report that the data’s integrity is no longer trustworthy. Such mechanisms may analyze system events or the data itself to see if required constraints still hold.
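The two classes of integrity mechanism side by side, as an added example that is not part of the original article: `write()` is a prevention mechanism that blocks an unauthorized change, and `audit()` is a detection mechanism that only reports records whose contents no longer match their integrity tag. The names `RecordStore`, `TAG_KEY` and `AUTHORIZED_WRITERS`, and the choice of HMAC-SHA256 as the tag, are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment keeps the key outside the data store.
TAG_KEY = b"constructed-demo-key"
AUTHORIZED_WRITERS = {"alice"}  # hypothetical access-control list


def _tag(name: str, value: bytes) -> bytes:
    """HMAC-SHA256 over the record name and value."""
    return hmac.new(TAG_KEY, name.encode() + b"\x00" + value, hashlib.sha256).digest()


class RecordStore:
    def __init__(self):
        self.rows = {}  # name -> (value, tag)

    def write(self, user: str, name: str, value: bytes) -> None:
        # Prevention: block the unauthorized change before it happens.
        if user not in AUTHORIZED_WRITERS:
            raise PermissionError(f"{user} may not modify {name}")
        self.rows[name] = (value, _tag(name, value))

    def audit(self) -> list:
        # Detection: nothing is blocked; report rows whose tag no longer matches.
        return sorted(
            name for name, (value, tag) in self.rows.items()
            if not hmac.compare_digest(tag, _tag(name, value))
        )


def demo() -> dict:
    store = RecordStore()
    store.write("alice", "balance", b"100")
    store.write("alice", "owner", b"alice")
    try:
        store.write("mallory", "balance", b"999999")
        blocked = False
    except PermissionError:
        blocked = True
    clean = store.audit()
    # Simulate a change that bypasses write(), e.g. an edit made directly on disk.
    _, tag = store.rows["balance"]
    store.rows["balance"] = (b"999999", tag)
    return {"blocked": blocked, "clean_audit": clean, "after_tamper": store.audit()}


if __name__ == "__main__":
    print(demo())
```

The audit cannot undo the out-of-band change; it only tells the operator that the `balance` record is no longer trustworthy.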
Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one’s actions.
Availability refers to the ability to use the information or resource desired. An unavailable system is as bad as no system at all. An object or service is thought to be available if:
- It is present in a usable form.
- It has capacity enough to meet the service’s needs.
- It is making clear progress, and, if in wait mode, it has a bounded waiting time.
- The service is completed in an acceptable period of time.
Availability is usually defined in terms of “quality of service,” in which authorized users are expected to receive a specific level of service. The aspect of availability that is relevant to security is that someone may intentionally arrange to deny access to data or to a service by making it unavailable.
Availability, in the context of a computer system, refers to the ability of a user to access information or resources in a specified location and in the correct format.