Theories

Over the years, information security has held confidentiality, integrity and availability, also known as **CIA**, to be its core principles.

**Confidentiality**

Confidentiality means preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.

Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds.

**Integrity**

In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of Consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
**Availability**

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing

Information security is the protection of information and information systems from unauthorized access and unauthorized users, and from the disclosure, disruption, modification, recording and destruction of information, including personal information.

The main role of Information Technology (IT) is to acquire, process, store and disseminate vocal, pictorial, textual and numerical information.

**DOLLS (Diversity, Obscurity, Limiting, Layering, Security)**

Diversity is mainly practiced by requiring multiple and different types of passwords and authentication methods.

Obscurity refers to a principle in security engineering which attempts to use secrecy (of design, implementation, etc.) to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.

Limiting is the process by which a specified characteristic (usually amplitude) of the output of a device is prevented from exceeding a predetermined value. Limiting can be done by restricting physical access and privileges (access, delete, modify, read, root, write).

Layering describes the practice of leveraging several different point security solutions, filtering systems, and monitoring strategies to protect information technology resources and data.

Simplicity is aimed at keeping the usability of systems simple and accessible. This is primarily aimed at simplifying management tools.



Understanding a Computer

Composed of 5 main components: Hardware, Software, Information, People, Procedures

Security Threat Framework

Asset, Exploit, Risk, Threat, Threat Agent, Vulnerability

Stages of Information Security

Stored, Processed, Transmitted