Data and information protection comprise the third and most important pillar of a sound cyber security strategy. It is crucial to consider the ‘CIA triad’ when deciding how to protect our data.

The three-pillar approach to cyber security

This is the third and final article in a series addressing the three-pillar approach to cyber security. The first two pillars are ‘people’ and ‘process’. The last pillar is ‘data and information’. Data and information protection is the most technical and tangible of the three pillars. The data we gather comes from multiple sources, such as information technology (IT), operational technology (OT), personal data and operational data. It must be properly managed and protected every step of the way.

What is the CIA triad?

When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. The three components of the CIA triad are discussed below:
Stability, availability and security

Availability is a major challenge in collaborative environments, as such environments must be stable and continually maintained. Such systems must also allow users to access required information with little waiting time. Redundant systems may be in place to offer a high level of fail-over. The concept of availability can also refer to the usability of a system.

Information security refers to the preservation of integrity and secrecy when information is stored or transmitted. Information security breaches occur when information is accessed by unauthorized individuals or parties. Breaches may be the result of the actions of hackers, intelligence agencies, criminals, competitors, employees or others. In addition, individuals who value and wish to preserve their privacy are interested in information security.

The CIA triad describes three crucial components of data and information protection which can be used as guides for establishing the security policies in an organization. Establishing and maintaining the organization’s security policies can be a daunting task, but using the three-pillared strategic approach to cyber security can help you identify and manage cyber security risks in a methodic and comprehensive manner.
Data confidentiality is about protecting data against unintentional, unlawful, or unauthorized access, disclosure, or theft. Confidentiality has to do with the privacy of information, including authorizations to view, share, and use it. Information with low confidentiality concerns may be considered "public" or otherwise not threatening if exposed beyond its intended audience. Information with high confidentiality concerns is considered secret and must be kept confidential to prevent identity theft, compromise of accounts and systems, legal or reputational damage, and other severe consequences. Examples of data with high confidentiality concerns include:
Consider the following when managing data confidentiality:
When managing data confidentiality, follow these guidelines:
B2B Advanced Communications provides a multi-layer approach to securing messages and other data with identification, authentication, authorization, confidentiality, data integrity, and non-repudiation. The security management functions include these commonly accepted aspects of security:

Identification and authentication
Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.

Authorization
Authorization protects critical resources in a system by limiting access only to authorized users and their applications. It prevents the unauthorized use of a resource or the use of a resource in an unauthorized manner.

Confidentiality
The confidentiality mechanisms protect sensitive information from unauthorized disclosure.

Data integrity and nonrepudiation
The data integrity and nonrepudiation mechanisms detect whether unauthorized modification of data occurred.

Security mechanisms are standards that are used to ensure secure operations and communications. A mechanism might operate by itself, or with others, to provide a particular service. Some of the security mechanisms that are used by B2B Advanced Communications to keep your data secure are:
B2B Advanced Communications also provides these methods that you can use to secure your data:
These are some effective security methods in B2B Advanced Communications: