In information security there are three main principles that must be implemented to guarantee that an information system meets minimal security requirements. These principles are:
– Confidentiality
– Integrity
– Availability
In most security literature there are also two additional concepts, which are:
– Authenticity
– Non-repudiation
But what does each of these security principles mean?
– Confidentiality: It is the process that guarantees the information of a system cannot be read, modified or processed by an unauthorized element.
– Integrity: It is the process that guarantees the information of a system is reliable and accurate.
– Availability: It is the process that guarantees access to a service or to the information of a system at any time.
– Authenticity: It is the process that guarantees the correct identification of people, devices, interfaces, data and processes.
– Non-repudiation: It is a security service that makes it possible to prove that a process (transactions, communications, etc.) was executed.
  – Non-repudiation at source: the issuer cannot deny that it sent the message, because the recipient has evidence that it was sent.
  – Non-repudiation at destination: the receiver cannot deny that it received the message, because the sender has proof of reception.
It is very important to implement these principles to ensure the security of a system.