Business Security Blog

The three most fundamental principles regarding the protection of important on the Internet can be listed as privacy; reliability; and accessibility.

Authentication, authorization, and non-repudiation are some of the key concepts related to people accessing information. It is important to remember that the copying or reading of information by an unauthorized user is a direct example of a loss of confidentiality. Obviously, confidentiality and privacy is a priority for many types of information. Take research data for example. Or medical records. Or even insurance records. From a company perspective, the protection of new product specifications is of vital importance. And the same applies to highly classified corporate investment plans and strategies.

There are certain circumstances, and certain locations, where there is actually a legal obligation to protect the privacy of individuals. This is certainly true when it comes to entities like banks, loan companies, credit reporting agencies, debt collection agencies, tax collecting agencies, and businesses that issue out credit cards or credit for existing customers. The same can be said about hospitals, doctors’ offices and laboratories that conduct medical testing, as well as any organization that provides any form of psychological assessments, counselling, or treatments, including drug addiction treatments.

As mentioned above, the risk of corruption of information is all too real when it is present on insecured network. Whenever information is tampered with and modified in unauthorized ways, the repercussion can be defined as an attack on the integrity of the network. Integrity is of vital importance when dealing with information on networks that deal with safety or financial data. Examples of these include activities like the electronic transfers of currency, air traffic control, and financial book-keeping.

Accessibility is another crucial concern in the world of effective IT security. The fact of the matter is that without proper security, important information can be erased or corrupted and become inaccessible. The result of a loss of availability of important information can deal a crippling blow to any organization. For example, people who are authorized to get information cannot get what they need. Moreover, availability of information is often the most important attribute in any service-oriented business relying on information. A relevant example of this can be seen through consideration of things like airline and bus schedules as well as common online inventory systems.

To make information available to those who are authorized and trusted to access it, it is required that organizations operate a system of authentication and authorization. Such a system can verify the identity of the user. Examples of these systems include things that only a specific user may know. This can include a password or a pin number. Authorization can be defined as the process of determining whether a particular user (or computer system) has the authority to perform a particular action. This can include things like reading a computer file or executing a program. Users must be authenticated before carrying out the activity they are authorized to perform.