Up until now the buzz words; cybersecurity, internet security and information security have all been used in some form or the other, be it technology articles, news detailing cyber-attacks, and of course by government officials. This article gives insight into what information security really entails.
First-off, the terms IT Security, internet security, computer security, cybersecurity and information security all mean the same, obviously, differences between these terms only starts to come into play when focusing particularly on the terms. For instance, internet security would mean security geared solely towards the internet as oppose to computer security geared towards security implemented entirely for computer systems.
Information Security easily put is assuring CIA for information systems. CIA (not CIA as in Central Intelligence Agency) in full means confidentiality, integrity and availability. By confidentiality, we mean ensuring a certain level of privacy and secrecy is attained while using information systems. Classic example, this function is always found extensively in government operations. Imagine the consequences if a country or organization is able to intercept and eavesdrop on communication going on between key individuals in another country or organization. The confidentiality function allows for organizations in this example to hide or obscure its sensitive communication, this can be easily achieved through encryption. Thereby keeping its top-secret information and data secure.
Integrity on the other hand finds a great deal of application in financial institutions among other industries. Integrity assures that unauthorized modification of information is prohibited. For example, imagine how it would be if you had the ability to change how much you have in your bank account and how unnerving it would be if someone outside your bank had the ability to remove or delete a couple of zeros from your account balance. Assuring integrity means all unauthorized modification to data is denied, only modification authored by authorized personnel, in this case a bank official is allowed.
Third and not the least, the Availability factor. This is the most overlooked functionality in security, words like DDOS (distributed denial of service), business continuity and disaster recovery are used very often in this domain. Availability mandates that when access is needed to computer systems, it is granted in a timely and predictable manner.
A good example would be the likely DOS currently ongoing as of writing this article on the Canadian immigration website in light of the outcome of the 2016 US election. This is likely as a result of too many connections requests to the Canadian immigration website, it responds by providing very delayed or denied response. This condition trumps the availability function security is meant to provide. So an individual that requires access to the Canadian website would be denied, imagine the impact no-access would have on high-availability systems like e-commerce websites, such as Konga and Jumia.
In conclusion, security means all efforts that is, technology, processes and people that in some fashion is geared towards attaining any or all of the three fundamentals of security for information systems.
Author: Seyi Ajiboye