Information Security

Since the dawn of civilization, man has created an elaborate set of protocols and mechanisms to address information security issues. Often these protocols and mechanisms concerned information stored in documents. Among such mechanisms are laws, seals, correspondence, and the structure of the document itself. Laws make it a crime for an employee to leak confidential information regarding his company. A university’s seal certifies that the diploma is original, and it is a crime to print a fake university diploma. The human resources department of a company can call the university and ask it to verify that the applicant has indeed received a diploma from it. The paper money we use is very difficult to counterfeit, yet it is relatively easy to spot a counterfeit. In this case the structure of the document, the paper money itself, certifies its authenticity.

For centuries, the preferred medium of storing information was the printed paper. Information was transferred by transporting the paper. Today, the bulk of information is stored and transmitted electronically. Yet the printed paper still retains its value. We still sign contracts on paper and use paper money, checks, coupons, etc. What has changed dramatically is our ability to make exact copies of documents and alter information contained within them. Thanks to computers, we can print thousands of identical copies of a document. Therefore, it is very important to be able to verify electronic information.

In electronic media, a person’s identification is his personal data: information such as your name, date of birth, social security number, passport number, maiden name, etc. Generally, when a person’s identity is verified, it is verified against this information. If a person gets hold of this information, he can assume your identity. He can apply for credit cards and use them in your name. This is called identity theft. It is a crime and it is also a victim’s worst financial nightmare.

Despite all the changes that have occurred since the dawn of the information age, the basic principles of information security remain the same. The following are some basic concepts.

Access Control: limiting access to resources to authorized entities
Anonymity: hiding the identity of an entity
Authorization: giving an entity authority to do something
Certification: Endorsement of information by a trusted entity
Confidentiality (Privacy): Keeping information secret from everyone with the exception of those who are authorized to see it.
Confirmation/Receipt: acknowledgement of reception of something.
Data Integrity: Assurance that information has not been modified by unauthorized means.
Identification: validating identity of an entity (person, user, etc.)
Message Authentication: validation of the information source
Non-repudiation: prevention of denial of previous commitments or actions
Ownership: Certification that an entity has a legal right to a resource
Revocation: retraction of certification or authorization
Signature: a means of binding information to an entity
Validation: the process by which the integrity and correctness of data are established

Please feel free to publish this article, free of charge, as long as this resource box is visibly published. Copyright Nazim Rahman (c)
