When do you call a piece of information as secure? One BIG question, three timeless prinicples. Information or for that matter data is said to be secure if it satisfies three information security pricniples. These principles popularly known as CIA, confidentiallity, Integrity and Availability apply irrespective of the technology platform, the size of organziation etc. I am discussing what these principles actually mean and how they apply to your organization.

Confidentiality - Confidentiality means preventing sensitive information from being disclosed to unauthorized recipients. Unauthorized disclosure of information may happen through intentional release, misapplication of rights etc. Such unauthorized disclosure of information may cause financial loss, public embaressment, or put the organization under legal liability.

Integrity - Integrity refers to changing information resources only in a specifed and authorized manner. Let me put it in other words, integrity simply is to ensure that data remains consistent and changes to data are authorized by appropriate personnel. In case of lack of integrity, there is always a risk that information may be accidentally or intentionally manipulated.

Availability - Availability ensures that systems operate as required and authorized users are not denied service. To put it in a layman's language, availability means systems are available when needed and computing resources can be accessed by auhtoirzed users at all times. Lack of availability of information systems may result in missed oppurtunities or interruption of operations.

More on Information Security >>

Protocols , Buffer Overflow Attack , Denial of Service Attack