With the rapid growth of technology in computer networks and across business organizations over the last few decades, and the unpredictable growth in Internet use, security attacks on users have also increased. The amount of data held on storage devices, electronic media and cloud storage has grown immensely in the past few years. This growth in the use of information technology has raised the privacy and security stakes for business and project procedures and for personal data alike. Security principles provide the basic building blocks from which protective measures are constructed. Security vulnerabilities are usually violations of one of these principles, and good security arrangements and countermeasures follow them. The principles sometimes overlap, and sometimes stand in tension with one another or with policy; more generally, checklists derived from them are useful. The principles can be applied at many levels: in the source code of an application, between applications on a machine at the operating-system level, at the network level, within an organization, and between organizations (Fruhlinger, J., n.d.).
The fundamental way for any business organization to protect its business data is to apply security principles. These principles give basic guidelines that should be followed to secure a system. The basic goal of any information security principle is to answer questions such as how the confidentiality of information is decided and how data is kept intact. Many principles apply to protecting data: the primary ones are confidentiality, integrity, accountability, availability, least privilege, separation of privilege and least common mechanism. The most commonly cited set is the CIA triad (confidentiality, integrity, availability) together with accountability. Each principle has its own mechanisms for protecting data. The four basic principles are discussed below, each with an example.
Confidentiality is closely tied to the principle of least privilege, under which users are given only the privileges they need to perform their duties and no more; the two are often discussed together, although least privilege is a design principle that supports confidentiality rather than a synonym for it. Other terms you may see used for confidentiality include privacy, secrecy and discretion. Confidentiality models are intended to ensure that no unauthorized access to data is permitted and that accidental disclosure of sensitive data cannot happen. The most common confidentiality controls are user IDs and passwords, backed by access control lists and encryption of data at rest and in transit (Ghahrai, A., 2019). Examples of confidential information include personal bank account details: account numbers, account statements, credit card numbers and the personal details of the bank's clients. Bank employees must maintain the confidentiality of customers' personally identifiable information (PII). If that confidentiality is compromised it can mean a complete loss for both the customer and the bank, because an attacker who obtains a customer's credentials through brute-force guessing, password cracking or dumpster diving can then read and steal the account data. To protect confidentiality, all customers should use strong, unique passwords together with two-factor authentication, and the bank should limit which employees are able to view customer records.
Integrity refers to the trustworthiness, completeness and correctness of information, and to the proper preservation of data such that only authorized modification can take place. In information security, integrity covers not only the information itself but also its origin: the source from which the data came must be what it claims to be. Integrity controls are of two kinds. Preventive mechanisms stop unauthorized modification of the original data; detective mechanisms detect unauthorized modification if a preventive mechanism fails. Integrity must hold both for stored data and for data in transit between a sender and a receiver (Ghahrai, A., 2019). The classic attack on integrity in transit is the man-in-the-middle attack. While a sender and receiver are exchanging data, a third party inserts itself into the communication, captures the packets, and replaces them in the original stream with manipulated data; by doing so it gains control of the whole transmission, and the integrity of the exchange between the two entities is lost. Data integrity can also be compromised without an attacker, through human error, unintentional data manipulation, or physical damage to the devices holding the data. Hashing is the basic building block for integrity: the sender computes a cryptographic hash of the data and the receiver recomputes and compares it. A plain hash only catches accidental corruption, however, because an attacker who can rewrite the data can recompute the hash to match; against an active adversary the hash must be keyed (a message authentication code such as HMAC) or digitally signed, so that only a party holding the key can produce a valid value.
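The following is an added example, not code from the cited sources, showing the difference the paragraph describes: an unkeyed SHA-256 hash detects a bit flip caused by accidental corruption, but a man-in-the-middle who rewrites the payee of a payment instruction simply recomputes the hash, so the receiver cannot tell; an HMAC over the same message with a shared key, which the attacker does not hold, does detect the change. The shared key and the payment message are constructed for the example.

```python
import hashlib
import hmac

# Constructed shared key for the example; in practice it comes from a key
# exchange or a key store and is never sent alongside the message.
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash: anyone can compute it, including an attacker."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(message: bytes, digest: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatch via timing.
    return hmac.compare_digest(sha256_hex(message), digest)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, message), tag)


def bit_flip(message: bytes, index: int = 10) -> bytes:
    """Accidental corruption, e.g. a storage or transmission error, at one byte."""
    flipped = bytearray(message)
    flipped[index] ^= 0x01
    return bytes(flipped)


def man_in_the_middle(message: bytes) -> tuple:
    """Active attacker on the path: rewrites the payee and attaches the best
    checksum it can produce. Without the key, that is only an unkeyed hash."""
    forged = message.replace(b"TO 5678", b"TO 9999")
    return forged, sha256_hex(forged)


def run_scenarios(key: bytes = SHARED_KEY) -> dict:
    original = b"TRANSFER 100.00 FROM 1234 TO 5678"  # constructed payment instruction
    digest = sha256_hex(original)
    tag = hmac_hex(key, original)
    results = {}

    # 1. Intact data passes both checks.
    results["intact_hash_ok"] = verify_hash(original, digest)
    results["intact_mac_ok"] = verify_mac(key, original, tag)

    # 2. Accidental corruption: the unkeyed hash is enough to catch it.
    corrupted = bit_flip(original)
    results["hash_catches_bit_flip"] = not verify_hash(corrupted, digest)

    # 3. Man in the middle recomputes the unkeyed hash: the receiver sees a
    #    matching digest and accepts the forged transfer.
    forged, forged_digest = man_in_the_middle(original)
    results["hash_catches_mitm"] = not verify_hash(forged, forged_digest)

    # 4. The same forgery against the MAC fails: the attacker's value is not
    #    a valid HMAC under the shared key.
    results["mac_catches_mitm"] = not verify_mac(key, forged, forged_digest)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The only scenario that comes back False is `hash_catches_mitm`, which is the point of the caveat above: a checksum that the attacker can recompute is an integrity control against accidents, not against adversaries. A digital signature over the message would give the same protection as the HMAC while also binding the data to a specific sender, which covers the "origin" aspect of integrity mentioned in the paragraph.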
Availability is the ability of authorized users to access important data and systems whenever they need to; it means timely and uninterrupted access to a system. Availability countermeasures protect data and systems against malicious attacks such as distributed denial-of-service (DDoS) attacks and against natural or man-made disasters. They keep data and resources available for authorized use only, including during emergencies such as disasters. The main challenges to availability are denial of service, undiscovered mistakes made while implementing a process, and the loss of valuable or sensitive information through natural disasters such as floods and earthquakes, or through equipment failure (Ghahrai, A., 2019). The basic example of an attacker destroying availability is the denial-of-service attack. In a denial-of-service attack, resources become unavailable to legitimate users and system performance degrades: the attacker floods the same target machine with many requests at once, the target becomes overloaded, and it either stops responding or crashes outright. Such attacks can be limited by filtering and rate-limiting traffic at firewalls and proxy servers placed in front of the target, while disasters and equipment failure are addressed with redundancy and tested backups.
Another important principle of information security is accountability. Accountability is the ability to trace each action and event, in time, back to the user or process that performed it, which makes users answerable for their actions. Accountability is created by logging each event with complete information about the user, including the date, time, network address and any other details that help identify the conditions under which the event occurred. Events are audited with the help of network and operating-system facilities that monitor every action from the lowest levels. A system is not considered secure if it does not provide accountability for each task, because without this safeguard it would be difficult to determine who is responsible for a specific action in the system. In information systems, reliable accountability is provided by audit trails and system logs (Bragg, R., 2002). The best everyday example of accountability is the workplace. Every employee, whatever their level of seniority, is equally responsible for helping the company achieve its goals, and shared accountability makes the business more productive and efficient. Technical accountability can be strengthened with biometric devices such as fingerprint and retina scanners and with time-and-attendance software: these tie each recorded action to an authenticated individual, so that the audit trail names the right person.
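As an added example that is not part of the cited sources, the following audit trail records each event with the fields the paragraph lists (timestamp, authenticated user, network address, action, target and outcome) and lets an investigator ask who performed a given action on a given record. It goes one step beyond the text: each record carries the digest of the previous one, so that an insider who later rewrites or deletes an entry is detected by `verify()`. The bank back-office events and IP addresses are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_digest of the first record in an empty trail


@dataclass
class AuditEvent:
    timestamp: str    # ISO 8601, UTC, so events from different hosts can be ordered
    user: str         # authenticated identity (from the password / biometric login)
    source_ip: str    # network address the request came from
    action: str       # what was attempted
    target: str       # what it was attempted on
    outcome: str      # "success" or "denied": failed attempts are recorded too
    prev_digest: str  # digest of the previous record, chaining the trail
    digest: str = ""  # digest of this record, filled in on append


class AuditTrail:
    def __init__(self) -> None:
        self.events: list = []

    @staticmethod
    def _digest(event: AuditEvent) -> str:
        # Hash every field except the digest itself, in a canonical encoding.
        body = {k: v for k, v in asdict(event).items() if k != "digest"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, user, source_ip, action, target, outcome, when=None) -> AuditEvent:
        when = when or datetime.now(timezone.utc)
        prev = self.events[-1].digest if self.events else GENESIS
        event = AuditEvent(when.isoformat(), user, source_ip, action, target, outcome, prev)
        event.digest = self._digest(event)
        self.events.append(event)
        return event

    def verify(self) -> bool:
        """True only if no record was altered, removed or reordered."""
        prev = GENESIS
        for event in self.events:
            if event.prev_digest != prev or self._digest(event) != event.digest:
                return False
            prev = event.digest
        return True

    def who_did(self, action: str, target: str) -> list:
        """The accountability question: who did this, from where, and did it succeed?"""
        return [(e.timestamp, e.user, e.source_ip, e.outcome)
                for e in self.events if e.action == action and e.target == target]


def build_sample_trail() -> AuditTrail:
    """Constructed events for a bank back-office system (not real data)."""
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    trail = AuditTrail()
    trail.record("alice", "10.0.0.5", "read", "customer/4711", "success", t0)
    trail.record("bob", "10.0.0.9", "delete", "customer/4711", "denied", t0.replace(minute=5))
    trail.record("alice", "10.0.0.5", "update", "customer/4711", "success", t0.replace(minute=12))
    return trail


def demo_tamper() -> dict:
    trail = build_sample_trail()
    before = trail.verify()
    # An insider rewrites history: the denied delete attempt is re-attributed.
    trail.events[1].user = "carol"
    after = trail.verify()
    return {"intact": before, "after_tamper": after}


if __name__ == "__main__":
    trail = build_sample_trail()
    print("chain valid:", trail.verify())
    print("delete attempts on customer/4711:", trail.who_did("delete", "customer/4711"))
    print(demo_tamper())
```

In a real deployment the trail would be written to append-only storage on a separate log host, and the digest of the latest record periodically signed or copied elsewhere, so that an attacker with write access to the log cannot simply rebuild the whole chain. The chaining itself only makes tampering detectable; the identity in the `user` field is only as trustworthy as the authentication step that produced it.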
In summary, this paper has reviewed the fundamental security concepts and principles that apply to sensitive information, walked through the essential elements of a sound security architecture and practice, and highlighted each principle with its characteristics. Every one of these principles matters for keeping data secure in every possible way. Security cannot rest on hardware alone or on software alone; the two must be tightly coupled within the system to safeguard sensitive information.
- Merkow, M. S., & Breithaupt, J. (2014, June). Information Security: Principles and Practices. https://ptgmedia.pearsoncmg.com/images/9780789753250/samplepages/0789
- Ghahrai, A. (2019, June 24). Confidentiality, integrity, and availability. DevQA.io. https://devqa.io/confidentiality-integrity-availability/
- Fruhlinger, J. (n.d.). What is information security? Definition, principles, and jobs. CSO Online. https://www.csoonline.com/article/3513899/what-is-information-security-definition-principles-and-jobs.html
- Bragg, R. (2002, December). CISSP Security Management and Practices. Pearson IT Certification. https://www.pearsonitcertification.com/articles/article.aspx?=30287&seqNum=2#:~:text=Figure%203.1%20Security’s%20fundamental%20principles%20are%20confidentiality%2C%20integrity%2C%20and%20availability.&text=Depending%20on%20the%20nature%20of,of%20importance%20in%20your%20environment