Information security is achieved through compliance
with a number of security principles.
There is debate in the field about the number of security principles
and their nature, but there are some established and less debated
principles to understand.
- Confidentiality
- Confidentiality is the principle of protecting information from
disclosure to unauthorized entities. Access control and cryptographic
encryption of data over a network or on a storage device are common
techniques for achieving confidentiality.
- Integrity
- Integrity is the principle of protecting information against improper
modification. You can detect if data has been tampered with by using message
digests or checksums that are computed from data at two different
times, such as at either end of a transmission.
- Authenticity
- Authenticity is the principle of certifying the identity of a
party. Digital certificates and certificate authorities are commonly
used to identify and prove the claimed identity of a participant in
an information transaction.
Tip: Secure Sockets Layer (SSL), the underpinning
of the Hypertext Transfer Protocol Secure (HTTPS), achieves all three
principles.
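
The integrity check described under Integrity, as an added example that is not part of the original page: a digest is computed at both ends of a transmission and compared. It goes one step beyond the text by also showing a keyed digest (HMAC), because a plain digest only proves integrity if the digest itself arrives unmodified. The function names, message, and key are constructed for illustration.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """Message digest (SHA-256) computed from the data alone."""
    return hashlib.sha256(data).hexdigest()

def keyed_digest(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA-256); requires a secret shared by both ends."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify(received: bytes, sent_digest: str) -> bool:
    """Receiving end: recompute the digest and compare with the sender's."""
    return hmac.compare_digest(digest(received), sent_digest)

def verify_keyed(key: bytes, received: bytes, sent_tag: str) -> bool:
    """Receiving end: recompute the keyed digest with the shared secret."""
    return hmac.compare_digest(keyed_digest(key, received), sent_tag)

# Constructed sample data (assumptions, not from the page).
MESSAGE = b"transfer 100 to account 12345"
ALTERED = b"transfer 900 to account 12345"
KEY = b"constructed-demo-key-not-for-real-use"

def demo() -> dict:
    sent_digest = digest(MESSAGE)  # computed at the sending end
    return {
        # Data arrives unchanged: digests match.
        "intact": verify(MESSAGE, sent_digest),
        # Data changed in transit, digest untouched: mismatch is detected.
        "altered_data_only": verify(ALTERED, sent_digest),
        # Data and digest both replaced: a plain digest cannot tell.
        "altered_data_and_digest": verify(ALTERED, digest(ALTERED)),
        # Same replacement against a keyed digest, made without the secret:
        # the recomputed tag does not match, so the change is detected.
        "altered_keyed": verify_keyed(KEY, ALTERED,
                                      keyed_digest(b"not-the-key", ALTERED)),
    }

if __name__ == "__main__":
    for case, passed in demo().items():
        print(f"{case}: check {'passes' if passed else 'fails'}")
```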