# it-e-51 Concept of Information Security

The issue of information security and data privacy is assuming tremendous importance among
global organizations, particularly in an environment marked by computer viruses, terrorist attacks,
hacking, and the destruction of vital data owing to natural disasters. [1] When it comes to information
security, most companies fall somewhere between two extreme boundaries: complete access and
complete security. A completely secure computer is one that is not connected to any network and
physically unreachable by anyone. A computer like this is unusable and does not serve much of a
practical purpose. On the other hand, a computer with complete access is very easy to use, requiring
no passwords or authorization to provide any information. [2] Unfortunately, having a computer with
complete access is also not practical because it would expose every bit of information publicly,
from customer records to financial documents. Obviously, there is a middle ground; this is the art
of information security.

The concept of information security is centered on the following components:

- Integrity: gathering and maintaining accurate information and avoiding malicious modification
- Confidentiality: avoiding disclosure to unauthorized or unwanted persons

For an information system to be secure, it must have a number of properties:

- [3] Service integrity. This is a property of an information system whereby its availability,
  reliability, completeness and promptness are assured.
- Data integrity. This is a property whereby records are authentic, reliable, complete, unaltered
  and useable, and the processes that operate on them are reliable, compliant with regulatory
  requirements, comprehensive, systematic, and prevent unauthorized access, destruction, alteration
  or removal of records. These requirements apply to machine-readable databases, files and archives,
  and to manual records.
- Data secrecy. This is a property of an information system whereby information is available
  only to those people authorized to receive it. Many sources discuss secrecy as though it was only
  an issue during the transmission of data; but it is just as vital in the context of data storage and
  data use.
- Authentication. Authentication is a property of an information system whereby assertions
  are checked. Forms of assertion that are subjected to authentication include:
  - "data authentication", whereby captured data's authenticity, accuracy, timeliness,
    completeness and other quality aspects are checked;
  - "identity authentication", whereby an entity's claim as to its identity is checked.
    This applies to all of the following:
    - the identity of a person;
    - the identity of an organizational entity;
    - the identity of a software agent; and
    - the identity of a device.
  - "attribute authentication", whereby an entity's claim to have a particular attribute is
    checked, typically by inspecting a "credential". Of especial relevance in advanced
    electronic communications is the claim of being an authorized agent, i.e. an assertion by a
    person, a software agent or a device to represent an organization or a person.
- Non-repudiation. This is a property of an information system whereby an entity is unable
  to convincingly deny an action it has taken.

There is a strong tendency in the information systems security literature to focus on the
security of data communications. But security is important throughout the information life-cycle,
i.e. during the collection, storage, processing, use and disclosure phases, as well as transmission.
Each of the properties of a secure system identified above needs to be applied to all of the
information life-cycle phases.

1, tremendous  [tri'mendəs]
a. enormous, astonishing

2, malicious  [mə'liʃəs]
a. ill-intentioned, spiteful

3, disclosure  [dis'kləuʒə]
n. exposure, revelation

4, promptness  [prɔmptnis]
n. alertness, agility; quickness

5, whereby  [(h)wɛə'bai]