What we mean when we refer to the term “security” is a function of the perspective and context of usage. For the ordinary person, security simply means that data does not get into the wrong hands. For a security expert, it would be something more complex than that. Nevertheless, four aspects are essential in any security system: ensuring system availability, its integrity, its confidentiality, and a system wherein access to the system can be confirmed and linked to an individual without any doubt (non-repudiation).
If you run a security system, you would need to ensure that only that only authorized users can have access to or manipulate data by using ratified procedures and methods. In this regard, there are methods and procedures that you need to put in place so that only such persons can access and manipulate data in the systems. Information is valuable only if it is correct and not tampered with in any way. For instance, if you intend to send an online money transfer of $100 but someone tampers with the system so that you send $10,000, it could have significant consequences.
Hashing of data—while seemingly a term that you may have not heard of—is one of the most common methods to protect data integrity. To determine the integrity of the data you receive, you hash the data and compare it with the original message’s hash. A more convenient method of ensuring data integrity is by employing digital signatures such as GPG.
Downloading of apps and data over “https” is also a good way of ensuring data integrity. By downloading data over https you are sure that your connection is safe from hackers and cybercriminals who cannot have access to the encrypted connection.
Confidentiality is the principle of preventing or protecting data or tools from getting into the hands of unauthorized persons. In an ideal world, only persons who have authority to access data, information or application would access it.
In the modern world, keeping sensitive information confidential is of critical value to you. All of us have critical information ranging from government documents, trade secrets, credit card numbers, personal information and bank account statements that need to remain confidential. The protection of such data is thus a critical and fundamental principle of information security.
You could ensure the confidentiality of your data by implementing access control lists and file permissions that will restrict access to sensitive data. However, an essential component of ensuring confidentiality is through encrypting your data. Encrypting data ensures that only persons with a key can have access to information. Encryption is a very common and essential practice that you need to adopt whenever you are sending data over unsecure networks.
An excellent method of encrypting data is the use of a Virtual Private Network (VPN). A VPN encrypts data thus offering secure transfer or access to data between two points. It encrypts data between the web browser and the web server using the Secure Sockets Layer (SSL) Protocol. Check out these recommendations on the best deals that will encrypt your data transfers so they are nearly impossible to crack.
One of the worst nightmare in a security system is when authorized users of a system are unable to access it when they need to. Information is only valuable if you can access it when required. The denial of access to users because of hackers altering the database of a system is a very common occurrence. The most recent is the Hollywood Presbyterian Medical Center ransomware attack that used Distributed Denial of Service (DDOS) attack that made information on the hospital’s database inaccessible. However, availability is not only as a result of malicious intent. Natural disasters and accidents such as floods and power outages can cause a lack of availability.
One of the most effectual means of that you can use to ensure that your data is always available is through having backups of data. When you have regular off-site backup of data, you can significantly reduce the losses from natural disasters or damage to hard drives. Moreover, it is important that you have a redundancy system in place for information that is highly critical. Having an offsite backup such as cloud storage ready to restore lost functionalities, will significantly reduce downtime caused by emergencies.
If you need a secure system, you need to have a means of ensuring that all user action on the system is traceable to the identity of a specific user. You could accomplish this with automated audit logs, and systems that record persons who changed a record or who received or sent a message. Critically you also need to have a system that can protect authorized users from accusations of performing actions on the system if they are not responsible for such actions.
While your organization might not be large enough to need digital signatures, they are the most effective means of non-repudiation. If you were to use digital signature, you would need a cipher that converts readable text into encrypted cipher text that is unintelligible to any unauthorized user. However, the recipient of the message must have a cryptographic tool that decrypts the text back into the readable format and hence this might not be applicable for all organizations.
All organizations need to prove that persons are who they claim to be. The most common means of authenticating user identity is through something that proves their identity, such as a fingerprint, something they have, such as a smartcard, or something they know, such as a password. Through authorization, you can determine if a certain user has the mandate to perform given activities on the system, such as running a program or reading a file.
Authorization and authentication are inseparable, as users need authentication before they can perform the actions they have authority to do. The combination of these is what forms the basis of non-repudiation, as you link persons to aspects of identification and authorization that are unique to them.
With hacking of systems becoming increasingly common, it is more important than ever that you take steps to protect your systems. However, you still need a system that makes your data accessible when needed through having a redundancy system, maintaining its integrity and confidentiality through encryption or hashing of data, and lastly having an efficient system for non-repudiation that ensures that all actions on the system are traceable to authorized persons.
Join the conversation. Which security systems are you using? Is it working for you?