PRINCIPLES OF INFORMATION SECURITY
N.V., Gulyaeva E.A.
Metallurgical Academy of Ukraine
concepts. This article considers the core principles of modern information
security. It proposes extending the three principles of the well-known CIA
triad by two more, Authenticity and
In recent years information security has been taken to comprise
confidentiality, integrity and availability (also known as the CIA triad),
which are the main principles of information security. Today there is much
debate over whether to limit security to these three components or to extend
the trio. As an addition, some programmers and scientists propose, for example,
that accountability be included.
In 2002, Donn Parker offered an alternative model to the classic CIA triad,
which he called the "six atomic elements of information". Under his conception
confidentiality, possession, integrity, authenticity, availability and utility
should be present in the list. Here we will regard the model CIAAN consisting
of six
Confidentiality is the term used for preventing the disclosure of protected
information to unauthorized individuals or systems. As an example, consider a
credit card transaction on the Internet. The credit card number and other data
have to be transmitted from the buyer to the merchant and vice versa. From the
start of the operation the system tries to enforce confidentiality by
encrypting the card number during transmission, by limiting the places where it
might appear and by restricting access to the places where it is stored.
Breaches of confidentiality take many forms, from permitting a person to look
at your screen during operations to naively allowing a third party to learn
your data. Confidentiality is necessary but not sufficient for preserving the
privacy of the person or persons whose personal information a system stores.
Confidentiality can sometimes add a sense of protection for the client. When
the confidentiality of company data is compromised, the company may first see
an increase in clients who no longer view the site as trustworthy, and this may
also mean a decrease in overall business profits. For example, clients may
begin to resort to other websites to find what they were able to find on the
former site. Clients tend to take these actions in search of "safer"
transactions.
Integrity. In the modern information field this term means that data cannot be
changed undetectably. Integrity is violated when a message is actively modified
in transit. Information security systems usually provide message integrity in
addition to data confidentiality.
In everyday usage integrity means possession of sound morals; every company
should be able to provide authenticity. In information systems integrity means
that all data stays unchanged and is not modified or altered.
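As an added illustration of the integrity definition above (example code, not from the paper), the following Python compares an unkeyed hash with a keyed MAC when a message is modified in transit. The key, message and the modification are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the paper.
SHARED_KEY = b"example-shared-key-between-buyer-and-merchant"
ORIGINAL = b"transfer 100 to account 42"


def protect_with_hash(message: bytes) -> tuple[bytes, bytes]:
    """Unkeyed check value: the message and its SHA-256 digest."""
    return message, hashlib.sha256(message).digest()

def verify_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def protect_with_mac(key: bytes, message: bytes) -> tuple[bytes, bytes]:
    """Keyed check value: the message and its HMAC-SHA256 tag."""
    return message, hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so verification leaks nothing.
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def modify_in_transit(message: bytes, check: bytes, recompute=None):
    """Model an active modification on the channel: the amount is altered and,
    if the modifier can compute the check value for the new message
    (recompute given), it is replaced; otherwise the old value is forwarded."""
    altered = message.replace(b"100", b"900")
    return altered, (recompute(altered) if recompute else check)

def unkeyed_hash_detects_modification() -> bool:
    """A plain hash gives no integrity against active modification: the
    modifier simply recomputes the digest over the altered message."""
    msg, digest = protect_with_hash(ORIGINAL)
    altered, new_digest = modify_in_transit(
        msg, digest, lambda m: hashlib.sha256(m).digest())
    return not verify_hash(altered, new_digest)  # False: change goes unnoticed

def keyed_mac_detects_modification() -> bool:
    """Without the shared key no valid tag exists for the altered message,
    so the receiver notices the change."""
    msg, tag = protect_with_mac(SHARED_KEY, ORIGINAL)
    altered, same_tag = modify_in_transit(msg, tag)
    return not verify_mac(SHARED_KEY, altered, same_tag)  # True: detected
```

A shared-key MAC gives integrity and authenticity between the two parties but not non-repudiation, since either holder of the key could have produced the tag; that last property needs the digital signatures mentioned later in the article.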
Availability. Information must be available when it is needed. This means that
the computing systems storing and processing the information, the security
controls that protect it and the communication channels must all be functioning
correctly. High-availability systems are required to remain available at all
times, preventing service disruptions caused by power outages, hardware
failures and system upgrades. Ensuring availability also involves preventing
denial-of-service
Availability conveys that the service is there when clients need it. It
assures clients that they will have continual access to services. Availability
delays may also ruin a company's reputation.
Authenticity. In modern e-business and information security it is necessary to
be sure that data communications, documents and transactions, electronic or
physical, have a high security level and that the parties are genuinely the
ones they claim to be.
In law, non-repudiation implies one's intention to fulfill one's obligations
under a contract. It also implies that both parties to a transaction are
responsible for the information exchange. E-commerce uses technology such as
digital signatures and public key encryption to establish authenticity
company may take is ensuring that confidential information is not easily
accessible to unauthorized users (firewall), or disclosing confidential
information to employees or third parties only when strictly necessary. For
integrity, anti-virus software, regular scanning for viruses, firewalls,
intrusion detectors and other software are to be used.
The company should also watch for any suspicious intrusion activity, use
anti-virus software, and regularly install updates and patches for operating
systems.