The concept of information security

Information security elements

 

Confidentiality: means preventing any unauthorized person from accessing another person's data.

 

Data integrity: Integration here means preserving data from modification or change by persons who are not authorized to access it, such as if a person intentionally or unintentionally accessed data that he was not allowed to access, as well as in the event that a virus infected the computer and modified its data , This is also a violation of completeness and lack of complete protection of the information.

 

Data availability: it means the availability of complete data when needed, so that it is correct and accurate information, not modified or incomplete, which makes the system elements work properly.

 

Information security threats

Viruses: They are small programs written in computer language that access and tamper with the data stored on it, including what may be hidden and cannot be seen and observed, and the source of viruses is from untrusted Internet sites and mail messages, and imitation programs that are not original, and these viruses may spread when using storage means Without making sure that it is free from viruses.

 

Disable service attack: It is an attack by a hacker or hacker in order to disable the server service in the network.

 

Attacking sent information: This is the process of intercepting messages sent from one party to another and tampering with them, such as e-mail messages.

 

Full Hacking Attack: controlling the victim's computer and tampering with all of its files and data.

Means of data protection

Among the simplest types of protection methods used are passwords, smart cards, and biological means, such as the use of fingerprints and eye flaps, the use of encrypted keys such as electronic locks, the development of anti-virus programs and the establishment of systems that detect and address intrusions, back up data after completion of every work we do, and the use of powerful systems To encrypt data and spread awareness among users of the Internet, all of these may be a means to ensure that no one has access to data and information, and these protections have provided a lot of security for institutions and companies that rely on the Internet and electronic devices and systems such as banks, universities, hospitals, military and security institutions.

 

The protection of information is characterized by being continuous, that is, it necessarily needs continuity in keeping pace with all that is developed in terms of safety and methods of protecting this information. It also requires continuity by imposing control over risks and assuming them. And the constant pursuit of permanent solutions and innovations, and thus the security information system is not launched, the real thing for any system belonging to any organization, unless it is effective and achieves continuity in keeping pace with security and technical operations to reach the least. Chance risk that her information may face.

 

There are several measures that are used to protect information, namely, Access control, Authentication, and Auditing, all of which are symbolized by the symbol (AAA), and all things are used daily to secure protection.

 

Access control: It uses various methods that prevent people from accessing the network or devices.

 

Validity verification: This is used to ensure that users are correct for the system or information.

 

Audit: Through this step, continuous assurance is made of the safety of information and that it is not subject to penetration, and hackers are discovered at any time.