Blog Trust IT

What should we do to secure an information system?

In information security there are 3 main principles that must be implemented to guarantee that any information system meets minimal security requirements. These principles are:


– Confidentiality

– Integrity

– Availability


In most security literature there are also 2 additional concepts, which are:


– Authenticity

– Non-repudiation


But what does each of these security principles mean?


– Confidentiality: It is the process that guarantees that the information of a system cannot be read, modified or processed by an unauthorized element.


– Integrity: It is the process that guarantees that the information of a system is reliable and accurate.


– Availability: It is the process that guarantees access to a service or to the information of a system at any time.


– Authenticity: It is the process that guarantees the correct identification of people, devices, interfaces, data and processes.


– Non-repudiation: It is a security service that makes it possible to prove the execution of a process (transactions, communications, etc.).


For example:

– Non-repudiation at source: The issuer cannot deny that it sent the message, because the recipient has evidence that it was sent.

– Non-repudiation at destination: The receiver cannot deny that it received the message, because the sender has proof of reception.
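
The post does not say how this evidence is produced; a common mechanism is a digital signature. The following is an added example (not part of the original post) of both cases, using Lamport one-time signatures over SHA-256 so that it runs on the Python standard library alone. The function names and the sample message are constructed, and it assumes each party's public key is already reliably bound to its identity.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """One-time key pair: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(message: bytes):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, message: bytes):
    """Reveal one secret per digest bit. A key must sign only ONE message."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    bits = digest_bits(message)
    return len(signature) == 256 and all(
        H(s) == pk[i][bit] for i, (bit, s) in enumerate(zip(bits, signature)))

def exchange(message: bytes):
    """Constructed exchange: returns the evidence each party ends up holding."""
    sender_sk, sender_pk = keygen()
    receiver_sk, receiver_pk = keygen()
    # Source: the sender signs the message; the receiver keeps (message, origin_sig).
    origin_sig = sign(sender_sk, message)
    if not verify(sender_pk, message, origin_sig):
        raise ValueError("origin signature invalid, message rejected")
    # Destination: the receiver signs a receipt bound to the message; the sender keeps it.
    receipt = b"RECEIVED:" + H(message)
    receipt_sig = sign(receiver_sk, receipt)
    return {"sender_pk": sender_pk, "receiver_pk": receiver_pk,
            "origin_sig": origin_sig, "receipt": receipt, "receipt_sig": receipt_sig}

if __name__ == "__main__":
    msg = b"transfer 100 EUR to account 42"  # constructed sample message
    ev = exchange(msg)
    print("origin evidence valid: ", verify(ev["sender_pk"], msg, ev["origin_sig"]))
    print("receipt evidence valid:", verify(ev["receiver_pk"], ev["receipt"], ev["receipt_sig"]))
    print("altered message valid: ", verify(ev["sender_pk"], msg + b"0", ev["origin_sig"]))
```

Because only the signer ever holds the private key, a third party can check either piece of evidence with the public key alone. A MAC computed with a key shared by both parties would not give this property, since either party could have produced it.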


It is very important to implement these principles to ensure the security of a system.