Information Security

Information security (infosec) is the practice of protecting information by mitigating information risks such as

  • unauthorized/inappropriate access to data
  • unlawful use
  • disclosure
  • disruption
  • deletion
  • corruption
  • modification
  • inspection
  • recording
  • devaluation of information

Information security’s primary focus is the efficient implementation of the CIA triad without hampering organizational productivity.

CIA

Confidentiality

The information is not disclosed to unauthorized individuals, entities, or processes.

Integrity

The data cannot be modified in an unauthorized or undetected manner.

Availability

The information must be available when it is needed. A high-availability system must prevent service disruptions due to power outages, hardware failures, and system upgrades.

Non-Repudiation

It implies that the author of an action cannot later deny having performed that action, e.g. sending a message.

AAA

AAA refers to a common security framework for mediating network and application access.

Authentication

The act of verifying a claim of identity.

Authorization

Once the authentication process is completed, the authorization process determines which informational resources the authenticated user is permitted to use.

Accounting

Accounting measures the different aspects of usage of informational resources that users consume during their activity. Usage information is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.
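
The three AAA steps above, run in order for a single access request, as an added example that is not part of the original page. The user, roles, resources and function names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import os
import time

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash so stored credentials are not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (hypothetical user, roles and resources).
_SALT = os.urandom(16)
_DUMMY_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw": _hash("correct horse", _SALT), "role": "analyst"}}
POLICY = {"analyst": {"reports"}, "admin": {"reports", "billing"}}
ACCOUNTING_LOG = []  # usage records, later read for billing or trend analysis

def authenticate(user: str, password: str) -> bool:
    """Authentication: verify the claim of identity."""
    rec = USERS.get(user)
    if rec is None:
        _hash(password, _DUMMY_SALT)  # same work for unknown users (no timing hint)
        return False
    return hmac.compare_digest(rec["pw"], _hash(password, rec["salt"]))

def authorize(user: str, resource: str) -> bool:
    """Authorization: decide which resources the verified identity may use."""
    return resource in POLICY.get(USERS[user]["role"], set())

def access(user: str, password: str, resource: str, nbytes: int = 0) -> str:
    """Authenticate, then authorize, then account for the request."""
    if not authenticate(user, password):
        outcome = "auth_failed"
    elif not authorize(user, resource):
        outcome = "denied"
    else:
        outcome = "granted"
    # Accounting: every attempt is recorded; usage counts only when granted.
    ACCOUNTING_LOG.append({"ts": time.time(), "user": user, "resource": resource,
                           "outcome": outcome,
                           "bytes": nbytes if outcome == "granted" else 0})
    return outcome

def usage_by_user() -> dict:
    """Aggregate consumed bytes per user from the accounting records."""
    totals = {}
    for rec in ACCOUNTING_LOG:
        totals[rec["user"]] = totals.get(rec["user"], 0) + rec["bytes"]
    return totals
```

Failed and denied attempts are logged as well as granted ones, since the accounting records also feed authorization control.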
