Information Technology Reference
In-Depth Information
Figure 2.3 Information assurance core principles. Text of the figure's boxes:
Only authorized personnel may disclose or observe information or information resource.
Information or information resource is ready for use within stated operational parameters.
Information remains true to the creator's intent.
Information or information source conforms to reality.
Information or information resource remains in the custody of authorized personnel.
Only authorized personnel may access cost-incurring services (e.g., toll-fraud prevention).
Protect personal privacy and adhere to relevant privacy compliance requirements.
Information is fit for a purpose and in a usable state.
Originator of message or transaction may not later deny action.
check (CRC) is one method to ensure the integrity of transmission. Intentional
corruption may occur by changing key aspects of the data—perhaps adding a zero
to a bank transfer request, or modifying map coordinates for a military mission.
The use of encryption assists with integrity, especially the use of hashing. A hash
algorithm generates a numerical representation of the original message prior to
transmission. Upon receipt, the same hash algorithm generates a numerical
representation of the received message, which is compared against the original.
Any difference is a clue that the integrity of the message is in question.
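The hash comparison described above, as an added example that is not from the book, applied to the "extra zero" transfer case. It goes one step beyond the text by adding a keyed hash (HMAC), because a CRC or plain hash that travels with the message can be recomputed by whoever altered the message. The message contents, account identifier and keys are constructed.

```python
import hashlib
import hmac
import zlib

# Constructed sample data (hypothetical transfer request and shared key).
ORIGINAL = b"TRANSFER to=ACCT-0001 amount=1000 currency=USD"
TAMPERED = b"TRANSFER to=ACCT-0001 amount=10000 currency=USD"  # one zero added
SHARED_KEY = b"constructed-demo-key"


def crc32_tag(message: bytes) -> str:
    """Checksum for accidental transmission errors; needs no secret."""
    return format(zlib.crc32(message) & 0xFFFFFFFF, "08x")


def sha256_tag(message: bytes) -> str:
    """Unkeyed cryptographic hash; also needs no secret."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(message: bytes, key: bytes = SHARED_KEY) -> str:
    """Keyed hash; only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts(message: bytes, received_tag: str, tag_fn) -> bool:
    """Recompute the tag on receipt and compare it with the one received."""
    return hmac.compare_digest(tag_fn(message), received_tag)


def scenario_results() -> dict:
    """Per method: (intact accepted, altered message accepted,
    altered message with replaced tag accepted)."""
    results = {}
    for name, fn in (("crc32", crc32_tag), ("sha256", sha256_tag), ("hmac", hmac_tag)):
        sender_tag = fn(ORIGINAL)
        if name == "hmac":
            # Whoever altered the message does not hold SHARED_KEY.
            replaced_tag = hmac_tag(TAMPERED, key=b"not-the-shared-key")
        else:
            replaced_tag = fn(TAMPERED)  # no secret needed to recompute
        results[name] = (
            receiver_accepts(ORIGINAL, sender_tag, fn),
            receiver_accepts(TAMPERED, sender_tag, fn),
            receiver_accepts(TAMPERED, replaced_tag, fn),
        )
    return results


if __name__ == "__main__":
    for method, outcome in scenario_results().items():
        print(method, outcome)
```

All three methods flag the altered message when the sender's tag arrives intact; only the keyed tag still flags it when the tag is replaced along with the message.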
Availability ensures that information or information technology is ready for
use. A denial-of-service attack may target a server or application. If successful, this
attack renders that server or application unavailable.
Possession ensures the physical protection of an asset. Loss of possession may
be through carelessness (e.g., leaving the laptop on the train) or from theft. Physical
safeguards help to ensure possession.
Authenticity ensures that information actually conforms to reality, that the
information is not misrepresented as something it is not. Ensuring authenticity is
a safeguard against deception, falsehood, or imitation; for example, downloading
software that looks like it is from a reputable software vendor when indeed it is a
modified version that introduces malware to the organizational network.
Utility ensures the continued use of the information or information technology.
Though you remain in physical possession of the asset and the information
on the asset remains confidential, in its original form, and is available for use, the
asset may not be usable. For example, the use of hard drive encryption is growing
in popularity. Upon system start-up, the user enters a password that decrypts the
information on the hard drive. This safeguards against the disclosure of data if the
hard drive is stolen or lost. However, if the hard drive is encrypted and the pass-
 