Pesante (2008), There Are Three Basic Security Essay

Total Length: 1281 words ( 4 double-spaced pages)

Total Sources: 2


According to Pesante (2008), there are three basic security threat parameters important to information on the Internet: "confidentiality," "integrity," and "availability." In addition, Pesante addresses three particular concepts that are related to the people to whom information is made available, who need this information for their work in the organization and can be trusted with it: "authentication," "authorization" and "non-repudiation." I think that it is very important to have high or very high security requirements in all six areas. Companies should take advantage of all existing opportunities, in both the technical and the non-technical, social/personal areas, to ensure the highest possible level of information security within their organization. Whereas technical mechanisms are primarily needed to reduce risks resulting from an attack external to the organization, social and personal counter-measures need to be implemented if the primary source of attack is expected to be internal (see Boran, 1999, p. 6).

Confidentiality: A loss of confidentiality occurs when information is read or copied by someone not authorized to do so. This matters not only in the banking, loan and debt collection businesses but also in the areas of research data, medical and insurance records, corporate investment strategies, and related spheres (see Pesante, p. 1). I consider identification and authentication procedures, access control, secure information exchange and reliability to be premier countermeasures against loss of confidentiality. When users or programs communicate with each other, the two parties should verify each other's identity, so that they know who they are communicating with. The information transmitted between them should strictly adhere to expected levels of authenticity, confidentiality and non-repudiation (see Boran, p. 6).

Integrity: Integrity is of particular importance for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting. In order to prevent a loss of integrity, i.e., unauthorized changes made to information, whether by human error or intent, companies should ensure that a secure network is available. In order to protect data against unauthorized manipulation, deletion or other forms of handling, there should be integrity-oriented security measures in place, such as a set of access control rules. Implementation of accountability and audit trail measures might work very well in this context. Companies need to know who did what, when and where. Under such security measures, users would be responsible and accountable for their actions. Automatic audit trail monitoring and analysis would help to detect security breaches (see Boran, p. 6). I would also recommend the implementation of measures for the social/personal interface. For example, organizational roles, responsibilities and procedures are required to ensure that policies are implemented. Furthermore, companies should implement a security policy that serves as a preventive mechanism for protecting important company data and processes (see Boran, p. 6). A security policy serves as an invaluable tool to communicate a coherent security standard to users, management and technical staff. Such a system should include: information security education of users, managers and system administrators; tools enabling users to implement that policy; strong safeguards, such as passwords and screen locks; person authentication measures; inquisitiveness; and monitoring/auditing.

Availability: A loss of availability refers to a situation where people in an organization who are authorized to get information cannot get what they need. Availability is of particular importance in service-oriented businesses that depend on information, such as airlines and online inventory systems (see Pesante, p. 1). In order to make sure that information and services are available when needed, companies may implement coordinated counter-measures such as physical security (access control, secure destruction of media, resource isolation). Companies should make sure that reliability measures (backups, redundancy, hot spares, clusters, RAID, maintenance contracts, off-site duplicates, contingency planning) are in place (see Boran, p. 5).

Authentication: Authentication means the act of proving that a user is the person he or she claims to be (Pesante, p. 2).….....
