jump to navigation

Information Security, What to protect ? (Part-2) September 17, 2008

Posted by Abdurahman in technology.
Tags: ,
1 comment so far

After three key concept in my previous post. Now I will describe what the others concept to securing information.

4. Authenticity

in computing areas, you have to make sure that people who have access to certain information are eligible to access it. Username and Password are the basic things from this concept.

5. Non-repudiation

This is mean, you can’t denied any transaction written on the computer. For example, if you has bought something from popular E-commerce site, in the future you denied that you ever bought something from there. and this problem goes into the law, the court will ask for the log-file of your transaction as a proof. Log files can be used as a proof <– this is mean of non-repudiation. Nowadays, digital signatures are commonly used as part of non-repudiation.

6. Logical Security

Wider area to securing information. Like username and password before you login to your computer.

8. Physical Security

Commonly use of biometrics for authentication (e.g. Fingerprint reading, Voice Recognition etc..)

Advertisements

Information Security, what to protect? September 16, 2008

Posted by Abdurahman in technology.
Tags: , ,
1 comment so far

For some institution(business, government etc.) they need to secure their information from outside threat. This threat could be from anywhere. It can be from either from outside or inside. They are not trying to protect the hardware. When the hardware is broken or stolen, you still can find its replacement on the market; They also not trying to protect their software, its always can be reinstalled again, even it takes time. It is the information they were trying to protect. Information of their customer, civilian records, financial records. Most of it are stored within popular office format such as Word, Excel, Access or even in database like MySql, PostgreSQL, Oracle or any popular database vendors.

Here I’m trying to describe what is the key concept how to secure this kind of information.

1. Confidentiality

Confidentiality means that you are trying to protect some information from unauthorized access, such as hackers, crackers, and any people/subject that don’t have rights to access sort of information you have.

2. Integrity

Even it’s protected, you have to ensure that your information is not altered by mistake or accidents. So the information need to be authorized first before you can make some changes on it.

3. Availability

It’s useless if you are protected something but that information is not available to you when you need it.

 

Those key concept are well known as CIA concept. I will adding more key concept in my next post.