Principles of Information Security,
Fifth Edition
Chapter 1
Introduction to Information Security
Lesson 2 - Critical Characteristics of Information
Learning Objectives
Upon completion of this lesson, you should be able to:
◦ Define key terms and critical concepts of
information security
PRINCIPLES OF INFORMATION SECURITY, FIFTH EDITION 2
Critical Characteristics of Information
The value of information comes from the
characteristics it possesses:
◦ Availability
◦ Accuracy
◦ Authenticity
◦ Confidentiality
◦ Integrity
◦ Utility
◦ Possession
Availability
Availability enables authorized users (people
or computer systems) to access
information without interference or
obstruction and to receive it in the
required format.
Accuracy
Information has accuracy when it
is free from mistakes or errors and
has the value that the end user
expects. If information has been
intentionally or unintentionally
modified, it is no longer accurate.
Authenticity
Authenticity of information is the
quality or state of being genuine or
original, rather than a reproduction or
fabrication. Information is authentic
when it is in the same state in which it
was created, placed, stored, or
transferred.
Confidentiality
Information has confidentiality when it
is protected from disclosure or
exposure to unauthorized individuals or
systems. Confidentiality ensures that
only users with the rights and privileges
to access information are able to do so.
Integrity
Information has integrity when it is
whole, complete, and uncorrupted. The
integrity of information is threatened
when it is exposed to corruption,
damage, destruction, or other
disruption of its authentic state.
Utility
The utility of information is the quality
or state of having value for some
purpose or end. In other words,
information has value when it can serve
a purpose.
Possession
The possession of information is the
quality or state of ownership or control.
Information is said to be in one’s
possession if one obtains it,
independent of format or other
characteristics.
CNSS Security Model
Components of an Information System
An information system (IS) is the entire set of people,
procedures, and technology that enable a business
to use information.
◦ Software
◦ Hardware
◦ Data
◦ People
◦ Procedures
◦ Networks
Balancing Information Security and Access
Impossible to obtain perfect information
security—it is a process, not a goal.
Security should be considered a balance between
protection and availability.
To achieve balance, the level of security must
allow reasonable access, yet protect against
threats.
Approaches to Information Security Implementation: Bottom-Up Approach
Grassroots effort: Systems administrators attempt
to improve security of their systems.
Key advantage: technical expertise of individual
administrators
Seldom works, as it lacks a number of critical
features:
◦ Participant support
◦ Organizational staying power
Approaches to Information Security Implementation: Top-Down Approach
Initiated by upper management
◦ Issue policy, procedures, and processes
◦ Dictate goals and expected outcomes of project
◦ Determine accountability for each required action
The most successful type of top-down approach
also involves a formal development strategy
referred to as systems development life cycle.

Information Assurance And Security - Chapter 1 - Lesson 2
