Confidentiality
In simple terms, confidentiality means something that is secret and is not supposed to
be disclosed to unintended people or entities.
Confidentiality ensures that sensitive information is accessed only by an authorized
person and kept away from those not authorized to possess it.
Everyone has information which they wish to keep secret. Thus, protecting such
information is an important part of information security.
1|Page AJ
Fig – Confidentiality (A sends a secret message to B; C is also shown)
In this figure, a secret message is sent from A to be received by B, but the actual
message is read by another person, C.
Integrity
Integrity means that when a sender sends data, the receiver must receive exactly the
same data as sent by the sender.
Data must not be changed in transit. For example, if someone sends a message
“Hello!”, then the receiver must receive “Hello!” That is, it must be exactly the same
data as sent by the sender. Any addition or subtraction of data during transit would
mean the integrity has been compromised.
Note that the changes in data might also occur as a result of non-human-caused
events such as an electromagnetic pulse (EMP) or server crash, so it’s important to
have backup procedures and redundant systems in place to ensure data integrity.
Fig – Integrity
In the above diagram, A sends some data to B, but a loss of integrity caused by C means
the actual transaction has been changed.
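An added example, not part of the original notes: one way B can check the integrity of the “Hello!” message described above. It assumes A and B share a secret key in advance (the key, function names and sample packets are constructed for illustration) and contrasts an unkeyed checksum, which only catches accidental changes, with a keyed HMAC, which also catches changes made by C.

```python
import hashlib
import hmac

# Constructed sample key, assumed to be shared in advance by A and B only.
SHARED_KEY = b"constructed-demo-key-known-to-A-and-B"

def plain_digest(data: bytes) -> bytes:
    """Unkeyed SHA-256 checksum: anyone, including C, can recompute it."""
    return hashlib.sha256(data).digest()

def mac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed HMAC-SHA256 tag: computing it requires the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()

def send(key: bytes, data: bytes):
    """A sends the data together with a checksum and a MAC tag."""
    return data, plain_digest(data), mac_tag(key, data)

def checksum_ok(packet) -> bool:
    data, digest, _ = packet
    return hmac.compare_digest(plain_digest(data), digest)

def mac_ok(key: bytes, packet) -> bool:
    data, _, tag = packet
    # compare_digest runs in constant time, so timing does not leak the tag.
    return hmac.compare_digest(mac_tag(key, data), tag)

def bit_flip(packet):
    """Accidental corruption: one bit of the data changes, nothing else."""
    data, digest, tag = packet
    return bytes([data[0] ^ 0x01]) + data[1:], digest, tag

def rewrite_by_c(packet, new_data: bytes):
    """C replaces the data and recomputes the unkeyed checksum to match.
    C does not hold SHARED_KEY, so the MAC tag is left as it was."""
    _, _, tag = packet
    return new_data, plain_digest(new_data), tag

if __name__ == "__main__":
    sent = send(SHARED_KEY, b"Hello!")
    cases = [("unchanged", sent), ("bit flip", bit_flip(sent)),
             ("addition by C", rewrite_by_c(sent, b"Hello!!")),
             ("subtraction by C", rewrite_by_c(sent, b"Hello"))]
    for label, pkt in cases:
        print(f"{label:17} checksum_ok={checksum_ok(pkt)} "
              f"mac_ok={mac_ok(SHARED_KEY, pkt)}")
```

The checksum accepts both of C's rewrites because C can recompute it, while the HMAC rejects every changed packet.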
Availability
Fig – Availability (parties A, B and C)
Authentication
In the context of computer systems, authentication is a process that ensures and
confirms a user’s identity. Authentication is one of the five pillars of information
assurance (IA).
Authentication begins when a user tries to access information. First, the user must
prove his access rights and identity. When logging into a computer, users commonly
enter usernames and passwords for authentication purposes. This login combination,
which must be assigned to each user, authenticates access.
A better form of authentication, biometrics, depends on the user’s presence and
biological makeup (e.g., retina or fingerprints). This technology makes it more difficult
for hackers to break into computer systems.
Fig - Authentication (A tells B “I am user A”; C is also shown)
Non-repudiation
Nonrepudiation is the assurance that someone cannot deny something.
Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a
communication cannot deny the authenticity of their signature on a document or the
sending of a message that they originated.
Fig - Non-repudiation
Access-control
Network access control (NAC) is an approach to network management and security
that enforces security policy, compliance and management of access control to a
network.
It is a network solution that enables only compliant, authenticated and trusted
endpoint devices and nodes to access network resources and infrastructure.
It also monitors and controls their activity once they are on the network.
Network access control is also known as Network Admission Control (NAC).