The security of an information system depends on the following factors:

  • Confidentiality
    Information must be disclosed only to the right people
  • Integrity
    Information must be modified only by the right people
  • Availability
    Information must be available to the right people

Collectively, these are known as the CIA-triad.

Sometimes you’ll see accountability as a fourth factor.

There are two different ways of looking at the properties of an information system through the security lens:

  1. Security features are features whose sole purpose is enforcing some aspect(s) of security
  2. Secure features are all features, security or otherwise, that are designed and implemented in such a way as not to compromise security

The former is usually referred to as information security, while the latter is known as application security or software security.

Next: Confidentiality


Please Join the Discussion

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s