Principles of Confidentiality, Integrity and Availability of
Information
Information Security
The information systems are used for our personal use as well as many major and small business
information are held on the computer systems therefore keeping the information secure is crucial. The
information needs to be only available to the people who have access to it but protected from those
who could damage the data and cause data breaches. Information security is all about making sure that
the information and the data stored are protected against the unauthorised access and avoiding data
breaches. There are different types of information security and I will be explaining three main principles
of that apply to the information security such as the Confidentiality, Integrity and Availability.
Confidentiality
The principle of Confidentiality is the protection of the information in the system should only be
accessible to the people who are authorised to access the information and protected from the
unauthorised person from accessing it. Every business organisation regardless of their size they have to
store all the confidential information about every customer, employees and other business related
information and this information should be secured so that anyone who is not authorised to access this
information can not see it. Specially the military and the government organisation need to keep the plans
and capabilities secret from their enemies so that it does not get in their hands and use it against them.
For the business organisations, they have to limit the people or employees who have the access of the
data therefore the management will make decisions and regulate the policy to the employees about the
data that they have access to. It is a benefit for the management of the business for choosing the
employee who have access to the data because if an unforeseen incidents happen or if the data gets
corrupt or missing then it would be easier for the manager to see who is responsible for the sabotage
that has occurred. And also to ensure that the employee that are chosen to have the access to this
private information should not be allowed to work on it outside the business environment in order to
prevent the data breach. Confidentiality must be well defined with the procedures for maintaining the
confidentiality should be carefully implemented by the organisations. An important aspect of the
confidentiality is the user identification and authentication. The confidentiality of the information on the
computers is achieved using encryption which makes it unreadable to anyone who is not authorized to
have the access to it. On the operating system have the access controls that allows the system users to
be identified by their username, authenticated by their password or biometrics and authorised by the file
access permission granted by the the system administrator in order to keep the data secure. The threats
, to the confidentiality which are commonly encountered are hackers, unauthorized user activity, trojan
horse and unprotected downloaded files.
Integrity
The integrity of the data on the computer system means that the information is accurate and complete
and also the protection of the information system from malicious and accidental unauthorized changes.
There are challenges of the security program to ensure that the data is maintained in the state that is
expected by the IT users, however the security program cannot improve the accuracy of the data that is
put into the system by the computer users which can help ensure that any changes are intended and
correctly applied. It is a critical requirement for the commercial such as credit reporting systems, payroll
systems or medical prescription system as well as the government such as air traffic control or military
fire control systems, data processing to ensure that the integrity of the data in order to avoid fraud and
errors and as it is essential therefore, no user will be able to modify the data in a way that would end up
corrupting or losing the assets or financial records. Same like confidentiality, integrity can be conciliated
by the hackers or unprotected downloads and unauthorised users activities because each of these
security threats can lead to an unauthorized changes to the information or data. The Hashing is a way to
check the integrity of the digital files and a hash means a number produced by applying a hashing
algorithm to the file. Also the digital signatures and certificates also provide integrity to the data on the
systems by providing assurance that an email is from the person from whom it appears to be. The digital
signature also provide non-repudiation as do operating system features such as the audit logs which
show which particular user accessed a file and when. The user should also make sure that they do not
enter any out of date information or inaccurate information as this can impact the integrity of the
database.
Availability
The availability simply means that the useful information must be available to those people and systems
who need to have access to it and are only accessible to the authorized users whenever it is needed,
therefore the system managers or the person in charge of the management systems must take steps to
ensure that the information systems to provide the required and correct information to the users. The
systems have high order of the availability which ensures that the system operates as expected when
needed by the users and it also ensures that the backup processing by including hot and cold sites in the
disaster recovery planning. The organisations will decide what level of availability they will need for their
computer systems therefore, for some companies will decide monday to friday from 9am to 6pm and
other companies they will need for 24hours, 365 days of availability of systems. Also they will decide
how long the organisation can survive without its systems in of case of system failure ir a disaster such
as flood or fire and to increase the availability of the system, the organization has to remove any single
point of failure from the system which they can achieve through Disc redundancy, Backup, Server
Information
Information Security
The information systems are used for our personal use as well as many major and small business
information are held on the computer systems therefore keeping the information secure is crucial. The
information needs to be only available to the people who have access to it but protected from those
who could damage the data and cause data breaches. Information security is all about making sure that
the information and the data stored are protected against the unauthorised access and avoiding data
breaches. There are different types of information security and I will be explaining three main principles
of that apply to the information security such as the Confidentiality, Integrity and Availability.
Confidentiality
The principle of Confidentiality is the protection of the information in the system should only be
accessible to the people who are authorised to access the information and protected from the
unauthorised person from accessing it. Every business organisation regardless of their size they have to
store all the confidential information about every customer, employees and other business related
information and this information should be secured so that anyone who is not authorised to access this
information can not see it. Specially the military and the government organisation need to keep the plans
and capabilities secret from their enemies so that it does not get in their hands and use it against them.
For the business organisations, they have to limit the people or employees who have the access of the
data therefore the management will make decisions and regulate the policy to the employees about the
data that they have access to. It is a benefit for the management of the business for choosing the
employee who have access to the data because if an unforeseen incidents happen or if the data gets
corrupt or missing then it would be easier for the manager to see who is responsible for the sabotage
that has occurred. And also to ensure that the employee that are chosen to have the access to this
private information should not be allowed to work on it outside the business environment in order to
prevent the data breach. Confidentiality must be well defined with the procedures for maintaining the
confidentiality should be carefully implemented by the organisations. An important aspect of the
confidentiality is the user identification and authentication. The confidentiality of the information on the
computers is achieved using encryption which makes it unreadable to anyone who is not authorized to
have the access to it. On the operating system have the access controls that allows the system users to
be identified by their username, authenticated by their password or biometrics and authorised by the file
access permission granted by the the system administrator in order to keep the data secure. The threats
, to the confidentiality which are commonly encountered are hackers, unauthorized user activity, trojan
horse and unprotected downloaded files.
Integrity
The integrity of the data on the computer system means that the information is accurate and complete
and also the protection of the information system from malicious and accidental unauthorized changes.
There are challenges of the security program to ensure that the data is maintained in the state that is
expected by the IT users, however the security program cannot improve the accuracy of the data that is
put into the system by the computer users which can help ensure that any changes are intended and
correctly applied. It is a critical requirement for the commercial such as credit reporting systems, payroll
systems or medical prescription system as well as the government such as air traffic control or military
fire control systems, data processing to ensure that the integrity of the data in order to avoid fraud and
errors and as it is essential therefore, no user will be able to modify the data in a way that would end up
corrupting or losing the assets or financial records. Same like confidentiality, integrity can be conciliated
by the hackers or unprotected downloads and unauthorised users activities because each of these
security threats can lead to an unauthorized changes to the information or data. The Hashing is a way to
check the integrity of the digital files and a hash means a number produced by applying a hashing
algorithm to the file. Also the digital signatures and certificates also provide integrity to the data on the
systems by providing assurance that an email is from the person from whom it appears to be. The digital
signature also provide non-repudiation as do operating system features such as the audit logs which
show which particular user accessed a file and when. The user should also make sure that they do not
enter any out of date information or inaccurate information as this can impact the integrity of the
database.
Availability
The availability simply means that the useful information must be available to those people and systems
who need to have access to it and are only accessible to the authorized users whenever it is needed,
therefore the system managers or the person in charge of the management systems must take steps to
ensure that the information systems to provide the required and correct information to the users. The
systems have high order of the availability which ensures that the system operates as expected when
needed by the users and it also ensures that the backup processing by including hot and cold sites in the
disaster recovery planning. The organisations will decide what level of availability they will need for their
computer systems therefore, for some companies will decide monday to friday from 9am to 6pm and
other companies they will need for 24hours, 365 days of availability of systems. Also they will decide
how long the organisation can survive without its systems in of case of system failure ir a disaster such
as flood or fire and to increase the availability of the system, the organization has to remove any single
point of failure from the system which they can achieve through Disc redundancy, Backup, Server
