The security principle for information system is a triad which will be discussed in future. In addition to this triad, there are principles for maintaining and securing the information systems.
These principles are applied over the entire system development process and the security. Is enforced in the system. Information system security requirements should be based on
Data Confidentiality
This prevents the readability of sensitive information and disclosure of such information to unauthorized recipients by controlling measures. In other words, people who have authorized permission are allowed to access the confidential information. Whereas the other unauthorized parties are prevented from information access.
Data Integrity
Establishing the assurance of modification, alteration, change of information is done in a definite and legal means. It also refers to the process assuring the consistency and validity of data over its lifecycle. Data integrity improves the reusability and maintainability of information increasing the stability and performance of Information Systems.
System availability
System availability is the probability of a system that functions under normal operating conditions. It assures authorized users to access the information and resources of the system during a specific time.
System configuration
Based on well-defined security guidelines and authorization of users, the system or the network’s configuration are changed accordingly. Information Systems have their own configuration functions to let administrators or users to change their system configuration. The security requirements are to be satisfied and this is followed by security services like,
Authentication
It is used to verify the identity of a particular user during any type of access in the system.This type of identity is generally authenticated based on what a user knows (e.g., a password), what a user has (e.g., a hardware computer-readable token), or what a user is (e.g., a fingerprint). Only if the password, token or fingerprint is valid, the user will be allowed to access the system and its related resources. An unmatched password, token or fingerprint denies access and the person is declared to be illegitimate.
Authorization
It is used to grant permission to authorized users to accomplish a determined set of activities. It also specifies access rights and privileges to the resources related to Information Security. During this process, the system verifies for its authenticated user’s identity and either grants or denies access to information resources.
Auditing
It accounts each invoking operation in addition to the identity of the subject performing it and the object acted upon. Conducting a Security audit mechanism is very essential in Information Systems so as to increase its competence.
Non-repudiation
Non-repudiation is a legal perception which is a broadly used service in Information Security Systems that delivers the proof of data origin and data integrity. It makes use of digital signatures to sustain the integrity of a given message along with the creator’s identity protecting a subsequent attempt in denying user’s authenticity
Click here to READ MORE about Cyber Security
