Five Pillars of Information Security and Information Assurance
The below list is often referred to as the five pillars of information security. However, many these tenets also apply to physical security as well. In colloquial terms these tenets or pillars of security define.
The terms “data, asset, resource, and system” are often used here interchangeably
- Confidentiality – data is encrypted and third parties cannot economically decrypt data
- Data Integrity – data remains uncorrupted during transmission, storage, or latency. Data cannot be tampered with or modified by unauthorized entities. Within the internet security realm, ensuring data integrity thwarts Man-In-The-Middle attacks. For software downloads over the Internet many firms supply a hash signature. This allows users to verify that the downloaded version is legitimate and has not been tampered or corrupted during transit.
- Availability – resources (and infrastructure) remain robust and fully-functional in all adverse and non-adverse conditions. This includes fall-overs and “Site Bs.” As an example, load balancers are used to ensure availability of server resources
- Non-repudiation – neither party can deny sending, receiving, or accessing the data. This implies a degree of auditabilty. As such, logs of who sent the data and who received it are recommended
- Authentication – the ability to confirm with a high degree of certainty that a given counterparty is indeed who he says he is. Authentication thwarts impersonation. Parties must confirm their identities before being allowed access to systems and resources
Additional Measures Supporting the Five Pillars
Access Control (Lists) – restricts and segregates use of resources only to authorized agents (i.e., personnel and systems) who have a legitimate business need to use said resources
Auditability – system monitoring and logs are maintained that record all entities who access (e.g., read, write, delete, send) designated resources. Auditability is Closely related to threat detection and threat response capabilities
Recoverability – Procedures, processes, systems, and back-up resources are in place to restore the asset to original state in the case of an asset or system compromise
Further Reading and Resources