Blog Trust IT

What should we do to secure an information system?

In information security there are three main principles that must be implemented to guarantee that any information system meets minimal security requirements. These principles are:

– Confidentiality

– Integrity

– Availability

Most security literature also adds two further concepts:

– Authenticity

– Non-repudiation

But what does each of these security principles mean?

– Confidentiality: It is the process that guarantees that the information of a system cannot be read, modified or processed by an unauthorized entity.

– Integrity: It is the process that guarantees that the information of a system is reliable and accurate.

– Availability: It is the process that guarantees access to a service or to the information of a system at any time.

– Authenticity: It is the process that guarantees the correct identification of people, devices, interfaces, data and processes.

– Non-repudiation: Non-repudiation is a security service that makes it possible to prove that a process (a transaction, a communication, etc.) was executed.

For example:

Non-repudiation at source: The issuer cannot deny that it sent the message, because the recipient has evidence that it was sent.

Non-repudiation at destination: The receiver cannot deny that it received the message, because the sender has proof of reception.

It is very important to implement these principles to ensure the security of a system.