Definition
Security
Security refers to the strategies, precautions, and tools used to ensure the confidentiality, integrity, and availability of information within an organisation or computer system.
The CIA Triad
The core objectives of information security are:
- Confidentiality: Ensuring that data is only accessible to those authorised to see it.
- Integrity: Ensuring that data remains accurate and corresponds to its intended state; only authorised users should be able to modify it.
- Availability: Ensuring that data and services are accessible when needed.
Security Concerns
- Authenticity: Verifying that an identity (user or process) is who it claims to be.
- Accountability: Ensuring that all actions within the system can be traced back to a specific actor (often via logging/auditing).
Types of Threats
Passive Threats
Involve monitoring or eavesdropping on information without the user’s knowledge (Violation of Confidentiality).
Active Threats
Involve the active manipulation of data or system states (Violation of Integrity and Availability).
- Interruption: Service becomes unavailable (e.g., physical destruction, overload).
- Interception: Unauthorised access to data.
- Modification / Fabrication: Unauthorised change or creation of data.
- Theft of Service: Unauthorised use of resources.
| Goal | Threat |
|---|---|
| Confidentiality | Exposure / Interception |
| Integrity | Modification / Fabrication |
| Availability | Denial of Service (DoS) |