Computer security is the protection afforded to an automated information system in order to achieve the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.
- Security breaches occur when information:
  - Is deleted when it shouldn’t be.
  - Is accessible to someone who shouldn’t have access.
There are three principles of good computer security
Data Privacy and Ethics:
Data privacy, also known as a that includes an ethical and legal obligation to protect access to information
Information privacy is a subcategory of the protection of personally identifiable information (PII), which is any information that can be associated with a specific person. Examples of PII include full name, address, social security number, and passport number.
Levels of impact of a security breach:
- Low: usually includes minor incidents, such as lost or stolen devices, that do not result in significant harm to the company or its customers.
- Medium: usually includes incidents that result in a limited release of sensitive information, such as names, addresses, and emails.
- High: serious incidents that lead to serious damage to the company and its customers, such as data theft, unauthorized access to sensitive systems, and more.
- Crucial: the most serious type of security incident, usually leading to serious damage to the company, its customers and its reputation, such as exposure of financial statements, personal health information and more.
The Three Principles of the CIA Triad
- Confidentiality: means that only the parties involved in a transaction should be able to understand it, so the data is protected from everyone else.
- Integrity: means that the message has not been modified in transit, and if any modification occurs, the system must be able to detect it and discard that message.
- Availability: means that the system needs to ensure timely and reliable access for users.
Additional elements of the CIA triad:
- Authenticity is the property of the transaction being genuine and the ability to verify the parties involved in the transaction.
- Accountability means that everyone working with an organization must have a specific responsibility in terms of ensuring information.
Confidentiality
- Confidentiality is a set of rules that limit access to information.
- Information should only be available to authorized persons.
- Keep data private or secure.
Attacks targeting access to personal information constitute breaches of server confidentiality.
What is data integrity?
- Data integrity refers to the accuracy and consistency of data over its lifecycle. Compromised data is of little use to organizations, not to mention the risks posed by the loss of sensitive data. For this reason, maintaining data integrity is central to many enterprise security solutions.
- Data integrity can be compromised in several ways. Each time data is copied or moved, it must remain intact and unmodified between updates.
Threats to the integrity of the dataset include:
- Human error: For example, accidentally deleting a row of data in a spreadsheet.
- Transfer errors: including accidental changes to, or compromise of, data during transfer from one device to another.
- Aggregation error: For example, the collected data is inaccurate or lacks information, creating an incomplete picture of the subject.
- Violations of cybersecurity or internal privacy: For example, someone hacks into your company’s database with the aim of destroying or stealing information.
The relationship between data integrity and data encryption:
Data encryption and data integrity are closely related concepts that work together to protect sensitive information. Encryption helps maintain data confidentiality and indirectly supports data integrity by preventing unauthorized access and manipulation.
The relationship between data integrity and data recovery:
- Data recovery is the process of recovering data that has been lost, accidentally deleted, corrupted, or become inaccessible.
- Data integrity ensures retrieval, searchability, traceability (to source), and connectivity.
- Protecting the health and accuracy of data increases stability and performance while improving reusability and maintenance.
Attackers may damage integrity by manipulating information.
Data Integrity and Hash Functions
- The digest is the output of the hash.
- The message digest algorithm is the hash algorithm.
- The digest is signed using the private key.
- A message digest algorithm, or hash function, is a function that maps arbitrary-length input data to a fixed-length output.
- Hashing is used to provide integrity:
- The sender calculates the digest from the message.
- The sender sends the message and digest.
- The receiver calculates the digest from the received message.
- The receiver compares both digests.
- If the digests match, the message wasn’t modified during the transfer.
- An interceptor can modify the message and recalculate the hash.
- The receiver compares his digest with the modified digest; they match, so the modification goes undetected.
- Just sending a message digest is not enough. Something else must be done…
Hashing algorithm
- Input: Message.
- Output: digest value
- Examples: MD5, SHA1, etc.
MAC – Message Authentication Code
- Input: Message + Secret Key
- Output: digest value
- Example: HMAC (hash-based message authentication code).
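The hash-only and MAC flows described above, as an added example that is not part of the original notes. It uses Python's standard hashlib and hmac modules with SHA-256 (chosen here in place of the MD5 and SHA1 examples listed); the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration; not from the original page.
SECRET_KEY = b"constructed-shared-key"
ORIGINAL = b"pay 100 to account 12345"
MODIFIED = b"pay 900 to account 99999"

def digest(message: bytes) -> bytes:
    """Hashing algorithm: input is the message only."""
    return hashlib.sha256(message).digest()

def mac(key: bytes, message: bytes) -> bytes:
    """MAC (HMAC): input is the message plus a secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accepts_hash(message: bytes, received: bytes) -> bool:
    # Receiver recalculates the digest and compares both digests.
    return hmac.compare_digest(digest(message), received)

def accepts_mac(key: bytes, message: bytes, received: bytes) -> bool:
    # Receiver recalculates the tag with the shared key (constant-time compare).
    return hmac.compare_digest(mac(key, message), received)

def run_demo() -> dict:
    results = {}
    # Hash only, nothing changed in transit: accepted.
    results["hash_clean"] = accepts_hash(ORIGINAL, digest(ORIGINAL))
    # Hash only, message changed and digest recalculated: still accepted,
    # because recalculating a plain digest needs no secret.
    results["hash_recalculated"] = accepts_hash(MODIFIED, digest(MODIFIED))
    # HMAC, nothing changed: accepted.
    tag = mac(SECRET_KEY, ORIGINAL)
    results["mac_clean"] = accepts_mac(SECRET_KEY, ORIGINAL, tag)
    # HMAC, message changed but original tag kept: rejected.
    results["mac_old_tag"] = accepts_mac(SECRET_KEY, MODIFIED, tag)
    # HMAC, tag replaced by a keyless digest of the new message: rejected.
    results["mac_keyless_tag"] = accepts_mac(SECRET_KEY, MODIFIED, digest(MODIFIED))
    return results

if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:18s} accepted={accepted}")
```

The second case is the gap the list above points at: a digest sent alongside the message only detects accidental changes, while the keyed tag also rejects a message whose digest was recalculated without the secret key.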