文档介绍:�������
��
�������� ��������
�� ������� �
��
�������� ��������
The issue of information security and data privacy is assuming tremendous importance among
anizations, particularly in an environment marked puter virus and terrorist attacks,
hackings and destruction of vital data owing to natural disasters. [1] When es to information
security, panies fall somewhere between two extreme boundaries: complete access and
complete security. pletely puter is one that is not connected to work and
physically unreachable by anyone. puter like this is unusable and does not serve much of a
practical purpose. On the other hand, puter plete access is very easy to use, requiring
no passwords or authorization to provide any information. [2] Unfortunately, having puter with
complete access is also not practical because it would expose every bit of information publicly,
from customer records to financial documents. Obviously, there is a middle ground4this is the art
of information security.
The concept of information security is centered on the ponents:
Integrity: gathering and maintaining accurate information and avoiding malicious modification
Availability: providing access to the information when and where desired
Confidentiality: avoiding disclosure to unauthorized or unwanted persons
For an information system to be secure, it must have a number of properties:
[3] service integrity. This is a property of an information system whereby its availability,
reliability, completeness and promptness are assured;
data integrity. This is a property whereby records are authentic, reliable, complete, unaltered
and useable, and the processes that operate on them are reliable, compliant with regulatory
requirements, comprehensive, systematic, and prevent unauthorized access, destruction, alteration
or removal of records. These requirements apply to machine-readable databases, files and archives,
and to manual records;
data secrecy .