Chapter 1 - Lesson 2.pptx
1. Principles of Information Security, Fifth Edition
Chapter 1: Introduction to Information Security
Lesson 2 - Critical Characteristics of Information
2. Learning Objectives
Upon completion of this lesson, you should be able to:
◦ Define key terms and critical concepts of information security
PRINCIPLES OF INFORMATION SECURITY, FIFTH EDITION 2
3. Critical Characteristics of Information
The value of information comes from the characteristics it possesses:
◦ Availability
◦ Accuracy
◦ Authenticity
◦ Confidentiality
◦ Integrity
◦ Utility
◦ Possession
4. Availability
Availability enables authorized users (people or computer systems) to access information without interference or obstruction and to receive it in the required format.
5. Accuracy
Information has accuracy when it is free from mistakes or errors and has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate.
6. Authenticity
Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred.
7. Confidentiality
Information has confidentiality when it is protected from disclosure or exposure to unauthorized individuals or systems. Confidentiality ensures that only users with the rights and privileges to access information are able to do so.
8. Integrity
Information has integrity when it is whole, complete, and uncorrupted. The integrity of information is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state.
9. Utility
The utility of information is the quality or state of having value for some purpose or end. In other words, information has value when it can serve a purpose.
10. Possession
The possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics.
12. Components of an Information System
An information system (IS) is the entire set of people, procedures, and technology that enable a business to use information.
◦ Software
◦ Hardware
◦ Data
◦ People
◦ Procedures
◦ Networks
13. Balancing Information Security and Access
Impossible to obtain perfect information security—it is a process, not a goal.
Security should be considered a balance between protection and availability.
To achieve balance, the level of security must allow reasonable access, yet protect against threats.
14. Approaches to Information Security Implementation: Bottom-Up Approach
Grassroots effort: Systems administrators attempt to improve security of their systems.
Key advantage: technical expertise of individual administrators
Seldom works, as it lacks a number of critical features:
◦ Participant support
◦ Organizational staying power
15. Approaches to Information Security Implementation: Top-Down Approach
Initiated by upper management
◦ Issue policy, procedures, and processes
◦ Dictate goals and expected outcomes of project
◦ Determine accountability for each required action
The most successful type of top-down approach also involves a formal development strategy referred to as the systems development life cycle.