Information security matters to the information itself, to the people the data concerns, and to the devices that handle or transact it. Hence, there are concepts of information security to help manage information systems concerning the risks of loss or theft and the usage, processing, transmission and storage of the information. It is therefore crucial for organizations to implement the basic concepts of information security to ensure the protection of their information and information systems (Whitman et al., 2021). The primary and vital information security concepts are integrity, confidentiality and availability. These three concepts apply in different ways, but together they ensure protected and efficient information and information systems.
The three major information security concepts describe information security needs in different circumstances. For instance, integrity guarantees that information and its respective programs are changed only in authorized and specified ways. Integrity ensures that information is kept consistent in both bookkeeping and electronic files for storage. Information integrity improves the information's degree of accuracy because few to no unauthorized changes have been made to it. Management controls are often put in place to ensure that the integrity of information is maintained (Yee et al., 2021). For example, a task that is exposed to possible fraud is divided into several parts to be handled by different people. Each part requires a sign-off before the next step can occur. An example is purchasing office equipment, which is divided into ordering, receiving and paying for the equipment. This approach is referred to as the separation of duty.
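The purchasing example above can be enforced in software as well as on paper. The following sketch is an added example, not taken from the cited sources: the three step names follow the essay, while the `Purchase` class, the user names and the name-normalization rule are assumptions made for illustration.

```python
STEPS = ("order", "receive", "pay")  # the three parts named in the essay


class SeparationOfDutyError(Exception):
    """A sign-off would break step ordering or separation of duty."""


class Purchase:
    def __init__(self, item):
        self.item = item
        self.signoffs = []  # (step, person) pairs in the order they happened

    def next_step(self):
        """Return the step awaiting sign-off, or None when all are done."""
        done = len(self.signoffs)
        return STEPS[done] if done < len(STEPS) else None

    def sign_off(self, step, person):
        expected = self.next_step()
        if expected is None:
            raise SeparationOfDutyError("purchase is already complete")
        # Each part must be signed off before the next one can occur.
        if step != expected:
            raise SeparationOfDutyError(f"{step!r} requested, {expected!r} is pending")
        # Compare normalized names so "Alice " and "alice" count as one person.
        who = person.strip().casefold()
        for earlier_step, earlier_who in self.signoffs:
            if earlier_who == who:
                raise SeparationOfDutyError(f"{person} already signed off {earlier_step!r}")
        self.signoffs.append((step, who))


def run_attempts(attempts):
    """Apply (step, person) attempts to one purchase; return outcome per attempt."""
    purchase = Purchase("office printer")
    outcomes = []
    for step, person in attempts:
        try:
            purchase.sign_off(step, person)
            outcomes.append("ok")
        except SeparationOfDutyError:
            outcomes.append("denied")
    return outcomes, purchase.next_step()


# Constructed sample: alice tries to pay early, then to handle two parts herself.
SAMPLE = [("pay", "alice"), ("order", "alice"), ("receive", "Alice "),
          ("receive", "bob"), ("pay", "bob"), ("pay", "carol")]

if __name__ == "__main__":
    print(run_attempts(SAMPLE))
```

Three different people end up signing the three parts, and every attempt to skip a step or to sign twice is rejected rather than recorded.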
Confidentiality entails exercising control over who gets to read information and who does not. Information confidentiality is required to keep sensitive and confidential information from being disclosed to or shared with unauthorized parties. The information may involve national security, in which case it should not be shared with or reach the nation's enemies, or it may be a person's private information. For example, the United States' information confidentiality policies often revolve around national security concerns. Information on national security has been deemed highly valuable due to the broad scope of threats and attacks possible against the country (Andress, 2019). The confidentiality controls used by the military include the use of automated mechanisms which handle all critical military information. Moreover, the information is classified into different levels in isolated compartments, requiring specific levels of clearance to access the information.
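The level-plus-compartment control described above reduces to a read check with two conditions: the reader's clearance level must be at least the document's level, and the reader must be cleared for every compartment the document sits in. The sketch below is an added example, not taken from the cited sources; the level labels, compartment names, subjects and documents are constructed for illustration.

```python
from dataclasses import dataclass

# Ordered lowest to highest; the labels are assumptions for this sketch.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()


def can_read(clearance, classification):
    """Return (allowed, reason) for a read request; unknown levels fail closed."""
    try:
        subject_rank = LEVELS.index(clearance.level)
        object_rank = LEVELS.index(classification.level)
    except ValueError:
        return False, "unknown level"
    if subject_rank < object_rank:
        return False, "clearance level too low"
    # Compartments are isolated: a high level alone does not grant access.
    missing = classification.compartments - clearance.compartments
    if missing:
        return False, "not cleared for compartment(s): " + ", ".join(sorted(missing))
    return True, "clearance dominates classification"


# Constructed sample subjects and documents.
ANALYST = Label("SECRET", frozenset({"ALPHA"}))
GENERAL = Label("TOP_SECRET", frozenset())
DOCS = {
    "logistics memo": Label("CONFIDENTIAL", frozenset()),
    "alpha report": Label("SECRET", frozenset({"ALPHA"})),
    "bravo plan": Label("TOP_SECRET", frozenset({"BRAVO"})),
}


def decisions(subject):
    """Map each sample document to the allow/deny decision for the subject."""
    return {name: can_read(subject, label)[0] for name, label in DOCS.items()}


if __name__ == "__main__":
    print("analyst:", decisions(ANALYST))
    print("general:", decisions(GENERAL))
```

The higher-ranked subject is still denied the compartmented report, which is the isolation property the compartments exist to provide.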
Availability in information security is based on the assurance that only authorized information users are allowed continued use of and access to information and information systems. Information availability is required to ensure that information and information systems work efficiently and that no service is denied to approved users. General information availability also ensures enough response time and guaranteed bandwidth for authorized information users (Tchernykh et al., 2019). For security reasons, the availability of information also involves protection against damage or loss and the possibility of recovery in case of loss or theft. Organizations are encouraged to frequently assess their information systems for risks and to develop plans to avert incidents and to help recover information and systems rendered unavailable. Furthermore, computer systems that work efficiently and effectively, such as those that route long-distance calls and meetings and automated medical systems, promote the availability of information.
Information assurance (IA) is concerned with protecting information and information systems and with managing possible risks. In order to achieve information assurance, organizations must adopt a wide range of information security controls. The security controls should cover information while it is processed and transmitted within the information system, while it is in transit, and in electronic and physical storage locations (Muller et al., 2020). Information assurance is implemented over cybersecurity measures because IA is much broader, with a more comprehensive strategic focus entailing information security, the processing and analysis of non-digital and digital data, information systems and information. Adequate information assurance stands on the pillars of availability, confidentiality, integrity, non-repudiation and authenticity.
Confidentiality is a principle of IA that restricts access to information systems and information to authorized users only. This is done through system modification that gives access to authorized users, usually with given clearance levels (Yan et al., 2020). After restricting access, it is essential to ensure that the identities of information users and devices are validated through authentication procedures. These procedures may include using biometrics such as fingerprints and face recognition. This is the principle of authenticity.
Maintaining information accuracy and consistency is easier when information confidentiality and authenticity are upheld. This is the principle of the integrity of information during its lifecycle. When information is kept consistent, it enables easy access, which brings about the IA principle of information availability (Utomo et al., 2020). Availability of information ensures that authorized users can quickly access information and its systems and that the systems work efficiently without frequent hiccups. Lastly, IA promotes information non-repudiation by ensuring that the transmission and communication process is smooth. Non-repudiation is enhanced by keeping information systems up-to-date.
In conclusion, information security covers network, application, cloud and Internet of Things security. Hence, it entails protecting all these areas to close loopholes for cyber-attacks. Information assurance protects information in networks, the cloud, applications and the Internet of Things from disasters such as server failures.
References
Andress, J. (2019). Foundations of Information Security: A Straightforward Introduction. No Starch Press.
Muller, S. R., & Lind, M. L. (2020). Factors in information assurance professionals’ intentions to adhere to information security policies. International Journal of Systems and Software Security and Protection (IJSSSP), 11(1), 17-32.
Tchernykh, A., Schwiegelsohn, U., Talbi, E. G., & Babenko, M. (2019). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability. Journal of Computational Science, 36, 100581.
Utomo, R. G., Wills, G., & Walters, R. (2020). A framework for factors influencing the implementation of information assurance for e-Government in Indonesia. International Journal on Advanced Science, Engineering and Information Technology, 10(3), 1025-1034.
Whitman, M. E., & Mattord, H. J. (2021). Principles of information security. Cengage Learning.
Yan, A., Hu, Y., Cui, J., Chen, Z., Huang, Z., Ni, T., … & Wen, X. (2020). Information assurance through redundant design: A novel TNU error-resilient latch for harsh radiation environment. IEEE Transactions on Computers, 69(6), 789-799.
Yee, C. K., & Zolkipli, M. F. (2021). Review on Confidentiality, Integrity and Availability in Information Security. Journal of ICT in Education, 8(2), 34-42.