Information Security
Information security covers the protection of hardware, software and data from damage and theft. It applies to every source of information throughout an information and communication technology (ICT) system. Cyber security is just one part of information security.
Components of Information Security:
- Confidentiality:
  - Allow only authorized subjects to view sensitive data.
  - Cryptography helps here, but its limitation is that it can only protect data.
  - To protect other resources, limit access instead, either with a firewall or with access control of the kind an operating system provides.
- Integrity:
  - Maintain the accuracy, and hence the trustworthiness, of data and systems. It has two aspects:
    - Data integrity: accuracy of the data.
    - Origin integrity: authentication of the origin or source of the data.
  - For example, an interrupted database transaction may leave the data inconsistent.
- Availability:
  - Give users the access to data and resources that they need.
  - Users should receive the service they expect.
  - This is what denial of service (DoS) attacks affect.
- Non-repudiation:
  - Prove that an event or action that has taken place cannot be denied (repudiated) later.
- AAA of security:
  - Authentication, Authorization and Accountability of users.
  - Used to control users' access to system resources, audit usage and enforce policies.
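The components listed above fit together in one small access path: a subject is authenticated, then authorized against an access control list (confidentiality), the requested data is checked with a keyed tag that also binds the declared source (data and origin integrity), and every decision is written to an audit log (accountability). The following Python program is an added illustration written for these notes, not code from the original page; the users, passwords, resources, origin names and the shared key are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed example data: two users with salted password hashes, an access
# control list, and a key shared between the data origin and the verifier.
# Every name and value here is made up for the demonstration.
ORIGIN_KEY = secrets.token_bytes(32)


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen store does not directly reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str) -> Tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, _hash_password(password, salt)


USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("battery staple"),
}

# Confidentiality via authorization: which subjects may read which resource.
ACL: Dict[str, set] = {
    "payroll.csv": {"alice"},
    "handbook.txt": {"alice", "bob"},
}

# Accountability: every decision is appended here (stand-in for an audit log).
AUDIT_LOG: List[str] = []


def authenticate(user: str, password: str) -> bool:
    """Authentication: is the subject who they claim to be?"""
    record = USERS.get(user)
    if record is None:
        # Hash anyway so unknown and known user names take the same time.
        _hash_password(password, b"\x00" * 16)
        AUDIT_LOG.append(f"AUTH FAIL unknown-user {user}")
        return False
    salt, expected = record
    ok = hmac.compare_digest(_hash_password(password, salt), expected)
    AUDIT_LOG.append(f"AUTH {'OK' if ok else 'FAIL'} {user}")
    return ok


def authorize(user: str, resource: str) -> bool:
    """Authorization: may this authenticated subject view this resource?"""
    ok = user in ACL.get(resource, set())
    AUDIT_LOG.append(f"AUTHZ {'OK' if ok else 'DENY'} {user} {resource}")
    return ok


def seal(data: bytes, origin: str) -> bytes:
    """Integrity tag over the data AND its declared origin.

    Binding the origin into the MAC gives origin integrity: a tag made for
    data from "hr-system" will not verify if the data is relabelled as
    coming from some other source.
    """
    msg = origin.encode() + b"\x00" + data
    return hmac.new(ORIGIN_KEY, msg, hashlib.sha256).digest()


def verify(data: bytes, origin: str, tag: bytes) -> bool:
    return hmac.compare_digest(seal(data, origin), tag)


def make_store() -> Dict[str, Tuple[bytes, str, bytes]]:
    """Constructed resource store: resource -> (data, origin, integrity tag)."""
    store = {}
    for name, data, origin in [
        ("payroll.csv", b"alice,5000\nbob,4200\n", "hr-system"),
        ("handbook.txt", b"Welcome to the company.\n", "intranet"),
    ]:
        store[name] = (data, origin, seal(data, origin))
    return store


def read_resource(user: str, password: str, resource: str,
                  store: Dict[str, Tuple[bytes, str, bytes]]) -> Optional[bytes]:
    """Full AAA path plus integrity check; data is returned only if every step passes."""
    if not authenticate(user, password):
        return None
    if not authorize(user, resource):
        return None
    entry = store.get(resource)
    if entry is None:
        AUDIT_LOG.append(f"READ FAIL missing {resource}")
        return None
    data, origin, tag = entry
    if not verify(data, origin, tag):
        AUDIT_LOG.append(f"INTEGRITY FAIL {resource} (claimed origin: {origin})")
        return None
    AUDIT_LOG.append(f"READ OK {user} {resource}")
    return data


if __name__ == "__main__":
    store = make_store()
    print(read_resource("alice", "correct horse", "payroll.csv", store))
    print(read_resource("bob", "battery staple", "payroll.csv", store))   # None: not authorized
    data, origin, tag = store["handbook.txt"]
    store["handbook.txt"] = (data + b"tampered", origin, tag)
    print(read_resource("bob", "battery staple", "handbook.txt", store))  # None: tag mismatch
    print("\n".join(AUDIT_LOG))
```

Two design points worth noticing: comparisons of hashes and tags use `hmac.compare_digest` so that a failed check takes the same time whatever byte differs, and the origin name is mixed into the MAC input, which is what turns a plain data-integrity check into an origin-integrity check. Non-repudiation is deliberately not claimed here: a shared-key MAC can be produced by either party that holds the key, so proving to a third party who created the data would need a digital signature instead.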
Goals of Security:
- Prevention: prevent attacks from violating security policies.
- Detection: detect violations of the security policy by an attacker.
- Recovery: stop the attack, assess and repair the damage, and continue to function correctly even if the attack succeeded.
Information Assurance:
Information assurance focuses on combining protection, assessment, detection and reaction capabilities. It deals with restoring an information system after an attack. It revolves around analysing ICT systems for vulnerabilities: understanding the threats and, based on them, identifying security solutions for a particular system.
Some points to be noted:
- Information Assurance and Information Security overlap in some areas, such as cyber security, forensic science and security engineering, but Information Security mainly focuses on securing assets while Information Assurance deals with identifying threats in an ICT system.
- Information Assurance includes analysing technology, processes and people, and performing penetration testing and red teaming to discover weaknesses in systems, and so improves the delivery of the services the ICT system is required to provide.
- Information Assurance also addresses post-incident analysis and examination to identify the root cause of any system failure.
Information Security deals only with how to improve security, whereas Information Assurance's primary intent is to minimise the loss of availability while a system is under attack.