Difference between revisions of "Information Security"

From SI410
m (Corrected existing wording/flow)
(Conceptual Overview)
Line 18: Line 18:
 
=== Information Availability ===   
 
=== Information Availability ===   
 
Providing access to protected information in both a timely, reliable manner helps those who are monitoring it and using it to discover issues or changes in the information itself.
 
Providing access to protected information in both a timely, reliable manner helps those who are monitoring it and using it to discover issues or changes in the information itself.
 +
 +
===Information Security and Privacy===
 +
As an important subtopic or derivative motivating force behind information security, information privacy compels many companies, governments, and people alike to consider the implications of lax security measures. Regardless of the context or scale, the degree to which information is accessible to a given audience is directly representative of its vulnerability and by extension, its inherent security (or that of its external system) and ability to defend against intrusions. Bolstering superior defensive measures not only amounts to better technology, but can contribute to improved customer satisfaction, less server down time, and the opportunity to enhance a network’s interoperability without fear of unwarranted exploitation. Striking the right balance between the open and closed nature of an information system is equally critical for common business concerns as it is for the concurrent necessity of keeping its security in the best condition possible.
  
 
== Information Security and Electronic Storage ==
 
== Information Security and Electronic Storage ==
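Review bot: The added heading `===Information Security and Privacy===` omits the spaces inside the `===` markers that the neighbouring `=== Information Availability ===` heading uses; suggest `=== Information Security and Privacy ===` so the section headings stay consistent. In the added paragraph, "less server down time" should read "less server downtime", and "is equally critical for ... as it is for" reads more cleanly as "is as critical for ... as it is for". The edit summary marks this as a minor wording/flow correction, but the hunk adds a whole new subsection, so the minor flag does not match the change.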

Revision as of 01:43, 23 April 2016

Information Security is the process of protecting information from unintended access by others. The methodologies for protecting information vary based on the type of information being protected, to whom the information currently belongs, and how the information could potentially be utilized by others.

Concern with the security of information has become more concentrated with the proliferation of electronic information storage mechanisms, and subsequently with the spread of information in an online environment. [1] These mediums of information transportation have both helped and hindered the process of data protection. For instance, by allowing information to be encrypted and decrypted in a complex manner when being transferred from one point to another, data can be protected in a more robust way. Conversely, the ease with which information can be copied and disseminated without the express consent of the information-holder can cause it to be used in nefarious ways.

Protecting bits and bytes can have as much of a real-world impact as protecting physical objects.

Conceptual Overview

Protecting private information is important to ensure that information is both reliable and confidential. When information is not protected, in most formats it can be tampered with, causing inaccuracies or discrepancies. If the information is valuable and is not protected, it can be distributed to parties that could cause harm to it in some way. The CIA Model of Information Security (Confidentiality-Integrity-Availability) [2] is a fundamental way of describing the steps necessary for protecting information.

The CIA Model of Information Security consists of three components for correctly protecting information.

Information Confidentiality

Information confidentiality is the process of ensuring that information is available only to those who are authorized to view it. Disclosure of part or all of sensitive information can harm those to whom the information belongs, as well as the inherent value of the information itself. Authentication methods such as IDs, passwords, and PINs reinforce confidentiality.

Information Integrity

Information integrity, also called information reliability, means that information is accurate, up-to-date, and complete for those who plan to use it, which is of the utmost importance. Protecting information against unwanted modification or destruction is a significant part of securing information.

Information Availability

Providing access to protected information in a manner that is both timely and reliable helps those who are monitoring it and using it to discover issues or changes in the information itself.

Information Security and Privacy

As an important subtopic of, and motivating force behind, information security, information privacy compels many companies, governments, and people alike to consider the implications of lax security measures. Regardless of the context or scale, the degree to which information is accessible to a given audience is directly representative of its vulnerability and, by extension, its inherent security (or that of its external system) and ability to defend against intrusions. Bolstering defensive measures not only amounts to better technology, but can contribute to improved customer satisfaction, less server downtime, and the opportunity to enhance a network’s interoperability without fear of unwarranted exploitation. Striking the right balance between the open and closed nature of an information system is as critical for common business concerns as it is for the concurrent necessity of keeping its security in the best condition possible.

Information Security and Electronic Storage

The advent of data transfer via electronic means on the internet has shifted the focus of information security from physical protection (protecting the actual medium the information is stored on) to a broader definition of what protection means. Prior to computerization of data, often the easiest way to protect information was to reduce access to the physical medium on which the information was kept. This could be done by managing who could access the storage in which the information was kept (i.e., determining who could access a filing cabinet with important paperwork). The low cost of information replication in an electronic format, and the difficulty of identifying who is viewing information, have greatly changed the ways in which information needs to be protected.

Access Controls

The foremost step is identifying who a potential information user is before allowing them to view or manipulate data in an electronic environment. [3] Creating profiles of a user's identity can be a first step in allowing them access to sensitive information. These profiles can then be protected with unique passwords that allow data-protection systems to authenticate their identity before allowing them to access information. An individual's behavior while using information can also be monitored by connecting their actions to a unique profile.
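An added sketch of the access-control flow described above (not part of the original article): a hypothetical `AccessController` class creates profiles, authenticates them against salted password hashes, and records every access attempt against the profile. All names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os
import time


class AccessController:
    """Hypothetical profile store: password authentication plus a per-profile audit trail."""

    def __init__(self):
        self._profiles = {}  # username -> (salt, derived key, permitted actions)
        self.audit_log = []  # (timestamp, username, action, allowed)

    @staticmethod
    def _derive(password, salt):
        # Store a slow, salted derivation of the password, never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def create_profile(self, username, password, permissions):
        salt = os.urandom(16)
        self._profiles[username] = (salt, self._derive(password, salt), set(permissions))

    def authenticate(self, username, password):
        profile = self._profiles.get(username)
        if profile is None:
            # Do the same work for unknown users so timing does not reveal valid names.
            self._derive(password, b"\x00" * 16)
            return False
        salt, stored, _ = profile
        return hmac.compare_digest(stored, self._derive(password, salt))

    def access(self, username, password, action):
        """Authenticate, check the permission, and record the attempt against the profile."""
        allowed = (self.authenticate(username, password)
                   and action in self._profiles[username][2])
        self.audit_log.append((time.time(), username, action, allowed))
        return allowed

    def actions_by(self, username):
        return [(a, ok) for _, user, a, ok in self.audit_log if user == username]


def demo():
    ac = AccessController()
    ac.create_profile("alice", "correct horse battery staple", {"view"})  # constructed sample
    results = [
        ac.access("alice", "correct horse battery staple", "view"),    # permitted
        ac.access("alice", "correct horse battery staple", "modify"),  # authenticated, not permitted
        ac.access("alice", "wrong password", "view"),                  # authentication fails
        ac.access("mallory", "anything", "view"),                      # no such profile
    ]
    return results, ac.actions_by("alice")
```

Denied attempts are logged alongside permitted ones, so the audit trail shows failed logins and out-of-scope requests for each profile, not only successful use.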

Data Encryption

Information can be protected when it is being transferred from point-to-point by using processes to encrypt, or jumble, the data while in transit, and then re-assemble it upon arrival at its destination. Also called cryptography, the process of encrypting and decrypting data between two points using a shared key is a way of providing information security. [4]

Ethics of Information Privacy (Under Construction, 4/22/2016)

Determining social expectations for protecting information is a society-wide undertaking. Without a common notion of what protecting information entails, an individual's personal data can easily be put in unnecessary jeopardy. Generally, protecting important personal information is a necessity defined by society at large. As a result of these common beliefs surrounding information security, the current practice in most Western societies is that companies and individuals must jointly undertake the responsibility of protecting an individual's personal information in order to prevent it from being misused.

It is also important to note that protecting information is not merely carried out on a one-time basis when data is created or stored; ideally, it is an iterative process that takes place throughout an information object’s entire lifetime. As the shape and composition of an information article is subject to change over time, the methods by which it is protected are also liable to the same type of evolutionary change.

Individual Information Privacy

The security of an individual's personal information is inextricably tied to their personal privacy. When an individual interacts with other parties using their private information, especially in the online environment, it is hard to guarantee that this information will retain its original integrity. Companies have a legal obligation within the United States to protect their customers’ personal information during a business transaction, especially when conducted in an online environment. [5]

See Also

References

  1. National Institute of Standards and Technology: Information Security http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf
  2. Information Systems Security Association: CIA Information Security Model http://www.issa.org/images/upload/files/Parker-Simplistic%20Information%20Security%20Model.pdf
  3. Handbook of Information Security: Access Controls http://www.cccure.org/Documents/HISM/001-002.html
  4. Harold Joseph, H. (1997). Data encryption: A non-mathematical approach. Computers & Security, 16(5), 369-386. doi:10.1016/S0167-4048(97)82243-2
  5. U.S. Governmental Printing Office: Electronic Code of Federal Regulations http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=a273032f4545305b53bd3b788739f586&tpl=/ecfrbrowse/Title16/16cfr681_main_02.tpl
