sitear.blogg.se

It system security













Upon successful completion of this chapter, you will be able to:

identify the information security triad.
identify and understand the high-level concepts surrounding information security tools and.

Please note, there is an updated edition of this book available at. If you are not required to use this edition for a course, you may want to check it out.

Introduction

As computers and other digital devices have become essential to business and commerce, they have also increasingly become a target for attacks. In order for a company or an individual to use a computing device with confidence, they must first be assured that the device is not compromised in any way and that all communications will be secure. In this chapter, we will review the fundamental concepts of information systems security and discuss some of the measures that can be taken to mitigate security threats. We will begin with an overview focusing on how organizations can stay secure. Several different measures that a company can take to improve security will be discussed. We will then follow up by reviewing security precautions that individuals can take in order to secure their personal computing environment.

The Information Security Triad: Confidentiality, Integrity, Availability (CIA)

[Figure: The security triad]

Confidentiality

When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents. For example, federal law requires that universities restrict access to private student information. The university must be sure that only those who are authorized have access to view the grade records.

Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized makes a change to intentionally misrepresent something. An example of this would be when a hacker is hired to go into the university's system and change a grade. Integrity can also be lost unintentionally, such as when a computer power surge corrupts a file or someone authorized to make a change accidentally deletes a file or enters incorrect information.

Information availability is the third part of the CIA triad. Availability means that information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things. For example, a stock trader needs information to be available immediately, while a salesperson may be happy to get sales numbers for the day in a report the next morning. Companies such as will require their servers to be available twenty-four hours a day, seven days a week. Other companies may not suffer if their web servers are down for a few minutes once in a while.

In order to ensure the confidentiality, integrity, and availability of information, organizations can choose from a variety of tools. Each of these tools can be utilized as part of an overall information-security policy, which will be discussed in the next section.

The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or at the ATM? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be.

Authentication can be accomplished by identifying someone through one or more of three factors: something they know, something they have, or something they are. For example, the most common form of authentication today is the user ID and password. In this case, the authentication is done by confirming something that the user knows (their ID and password). But this form of authentication is easy to compromise (see sidebar) and stronger forms of authentication are sometimes needed. Identifying someone only by something they have, such as a key or a card, can also be problematic. When that identifying token is lost or stolen, the identity can be easily stolen. The final factor, something you are, is much harder to compromise. This factor identifies a user through the use of a physical characteristic, such as an eye-scan or fingerprint. Identifying someone through their physical characteristics is called biometrics.

A more secure way to authenticate a user is to do multi-factor authentication.














