Continuing my friendly look at jargon this month…
Know the jargon – #BeCyberSmart – Smart Thinking Solutions
…here are six words you must be thinking about – we do.
The best way to define a system as secure is that attackers are prevented from using unauthorised access to or use of computers and networks to achieve their objectives. In order to make the system secure, it is necessary to call upon the CIA (no not that CIA!).
CIA is an acronym for Confidentiality, Integrity and Availability and should be the cornerstone of your data protection.
Confidentiality is the prevention of unauthorised access and thus the disclosure of secret or sensitive information to an unintended audience.
Integrity is the prevention of unauthorised modification of information, keeping the information as it should be.
Availability is the ability to withstand unauthorised withholding of information or resources, in other words access is granted to those who need it.
Security policies come in two main forms:
- A set of rules to be followed to ensure security. Usually these are not very technical and can be imprecise in their wording to the extent that people can make mistakes. Sometimes there can be oversights when writing the policies and attackers can take advantage of these.
- A more technical and complete policy is a set of authorised or secure states and a set of unauthorised or insecure states. A secure system is by definition in an authorised state and cannot become an unauthorised state. A breach of security occurs when a system is in an unauthorised state.
Three more words now in relation to security:
Prevention is an aspect of the policy that cannot be ignored or violated. This can be a physical control such as a lock or barrier of some other kind, or it can be a system control such as a check on whether somebody is an authorised user.
Detection is determining that the policy has been violated.
Recovery is the reversion back to a secure state after the violation.
To be continued…
Diana Catton MBA – by line and other articles
