
Security

The document outlines the three primary security goals of confidentiality, integrity, and availability (CIA), which form the foundation of information security measures. It discusses integrity models that ensure data remains trustworthy and availability models that keep data accessible during emergencies. Additionally, it covers various security threats and defenses, including encryption, firewalls, and anti-virus software.

Uploaded by

soft

The Three Security Goals Are Confidentiality, Integrity, and Availability

All information security measures try to address at least one of three goals:

• Protect the confidentiality of data
• Preserve the integrity of data
• Promote the availability of data for authorized use

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. Information security professionals who create policies and procedures
(often referred to as governance models) must consider each goal when creating a plan to
protect a computer system.

The principle of information security protection of confidentiality, integrity, and availability
cannot be overemphasized:

Integrity Models

Integrity models keep data pure and trustworthy by protecting system data from intentional or
accidental changes. Integrity models have three goals:

• Prevent unauthorized users from making modifications to data or programs
• Prevent authorized users from making improper or unauthorized modifications
• Maintain internal and external consistency of data and programs

An example of integrity checks is balancing a batch of transactions to make sure that all the
information is present and accurately accounted for.
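
Batch balancing as described above, as an added example that is not part of the original document: the sender declares control totals in a batch header and the receiver recomputes them. The record layout, the field names and the sample values are assumptions constructed for illustration.

```python
from decimal import Decimal

def control_totals(records):
    """Compute batch controls over (account_number, amount) records."""
    return {
        "record_count": len(records),
        "amount_total": sum((Decimal(a) for _, a in records), Decimal("0")),
        # Hash total: sum of account numbers; meaningless as a figure, but it
        # changes if a record is lost or posted to a different account.
        "hash_total": sum(int(acct) for acct, _ in records),
    }

def balance_batch(header, records):
    """Return the discrepancies between declared and recomputed totals."""
    actual = control_totals(records)
    return [
        f"{field}: declared {declared}, found {actual[field]}"
        for field, declared in header.items()
        if actual[field] != declared
    ]

# Constructed sample batch and the header its sender declared for it.
BATCH = [
    ("100234", "150.00"),
    ("100871", "75.50"),
    ("102990", "1200.00"),
    ("103412", "19.99"),
]
HEADER = {
    "record_count": 4,
    "amount_total": Decimal("1445.49"),
    "hash_total": 407507,
}

if __name__ == "__main__":
    cases = {
        "intact": BATCH,
        "record dropped": BATCH[:2] + BATCH[3:],
        "amount altered": [BATCH[0], ("100871", "755.00")] + BATCH[2:],
        "account changed": [BATCH[0], ("100872", "75.50")] + BATCH[2:],
    }
    for name, records in cases.items():
        print(name, "->", balance_batch(HEADER, records) or "balanced")
```

Control totals catch lost or accidentally altered records; they do not protect a batch against someone who can rewrite the header along with the records.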

Availability Models

Availability models keep data and resources available for authorized use, especially during
emergencies or disasters. Information security professionals usually address three common
challenges to availability:

• Denial of service (DoS) due to intentional attacks or because of undiscovered flaws in
  implementation (for example, a program written by a programmer who is unaware of
  a flaw that could crash the program if a certain unexpected input is encountered)
• Loss of information system capabilities because of natural disasters (fires, floods,
  storms, or earthquakes) or human actions (bombs or strikes)
• Equipment failures during normal use

Some activities that preserve confidentiality, integrity, and/or availability are granting access
only to authorized personnel, applying encryption to information that will be sent over the
Internet or stored on digital media, periodically testing computer system security to uncover
new vulnerabilities, building software defensively, and developing a disaster recovery plan to
ensure that the business can continue to exist in the event of a disaster or loss of access by
personnel.

b) Computer security, also known as cyber security or IT security, is the protection of information
systems from theft or damage to the hardware, the software, and the information on them, as
well as from disruption or misdirection of the services they provide. Integrity, in terms of data
and network security, is the assurance that information can only be accessed and modified by those
authorized to do so.

c. i) A cracker is a term used to describe someone who intentionally breaches security to break into
someone else's computer or network for a malicious purpose. Many people mistakenly use the term
hacker to describe someone who breaks into computer systems for their own agenda, usually to
cause harm.

ii) A hacker is actually a term used to describe a computer programmer with advanced knowledge
of computers and computer networks. A hacker finds weaknesses in a computer or a network so
that they can be corrected.

iii) Data tampering refers to entering false, fabricated, or fraudulent data into the computer or
changing or deleting existing data. This type of threat is orchestrated by insiders. It can cost
organizations a great deal of money.

iv) Identity theft is the stealing of another person's social security number, credit card number, or
other personal information for the purpose of borrowing money, making purchases, and running up
debts.

Security defences

i) Encryption is a method for securing data by using special mathematical algorithms to
convert the data into scrambled code before transmission. The data is decoded when an
authorized user accesses it.
ii) A firewall is hardware or software designed to keep threats and unintended visitors
from accessing a private network. A firewall is like a security officer standing guard at a
gate.
iii) Anti-virus software is a program that prevents, detects and removes computer viruses,
adware, spyware, worms and Trojan horses.
iv) Spyware is a small computer program stored on the user’s hard drive that collects the
user’s habits and transmits that information to a third party without the user’s
consent. Anti-spyware is used to detect the spyware and thus remove it from the
computer system.
