IT-Security

    "Binary code" by Christiaan Colen is licensed under CC BY-SA 2.0

How exactly is information security realized?

















1 Confidentiality:

Refers to the access to data
Can no unauthorized third parties read the data?

  • Only persons who are authorized get access to the data
    →During transport, storage and processing of data
  • Data is not modified or read by unauthorized persons

Typical measures:

> Encryption
> Data Classification Policy
       »Three risk classifications: public, internal, confidential
> Access controls (Building and room security)
> Room monitoring
> Locking offices and computers during breaks, after regular working time and before leaving workplace
> Permission controls (Read and write permissions)
> Securing computers against theft


2 Integrity:

Refers to the data itself
Is the data unchanged and complete?

  • The data is unchanged and complete
  • It must not be possible to change data unrecognized or unnoticed
    →Data changes must be traceable

Typical measures:

> Cryptographic checksums
> Permission controls


3 Availability:

Refers to the access to data
Is the data available to authorized persons when needed?

  • Ensures that systems and data are available
  • Minimizing the risk of system failures

Typical measures:

Redundancy
Data backups
> Important data should be stored in fire protection areas



4 Authenticity:

Refers to the persons involved
Is the author/reader of the data actually the person authorized?

  • Verification of the origin of the data
  • Verification of the author of the data
  • Verification of the reader of the data
    Especially refers to documents that are transmitted electronically
  • Authenticity can be checked on the basis of unique identities and characteristic properties

Typical measures:

Authentication
       » Username / Password
       » Fingerprint verification
       » Facial recognition (Face ID)
> Digital signature


5 Non-repudiation:

Refers to the persons involved
Is it possible to prove that the author/reader was the author/reader even if he/she wants to deny it?

  • Ensures that all actions cannot be denied later by the parties involved
    →To guarantee the legally binding nature of transactions carried out
  • Legally binding nature of electronically performed business transactions, e-commerce, e-business

Typical measures:

Digital signature
Audit trail/log


6 Legal liability:

Refers to the traceability of data

Is it possible to prove data and processes in a legally binding form?

  • Guarantee that data and processes can be legally proven to third parties at any time
         →Transparency (traceability)
         →Reversibility and prevention of false deniability
         →Proof of assured properties (assurance)
         →Requirement for auditability

Last modified: Wednesday, 3 March 2021, 10:35 AM