Plain & Simple: Bright Business Insights Vol. 8 Winter 2023

THE THREE COMPONENTS OF INFORMATION SECURITY

A data breach can certainly be harmful to your business, and whether it results from an accidental event or an intentional action, it can damage your organization's reputation or cause financial loss. So, what does it take to protect your data?
Let's start with basic information security: the "must-haves." There are three components of information security to evaluate in your network and operations environment: confidentiality, integrity, and availability.
Confidentiality. Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be controlled to prevent the unauthorized sharing of data, whether intentional or accidental. A key component of maintaining confidentiality is making sure that people without proper authorization are prevented from accessing assets important to your business. Ask yourself:
• What information and systems are most important to you?
  » Have these important assets been identified and inventoried?
  » Do you know where they are and who has access?
• What information and systems might you be required to protect?
• Is access to information and systems properly maintained?
• How are information and systems protected against threats?
Integrity. Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is maintained only if the data is authentic, accurate, and reliable. To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. These are the important questions to ask regarding integrity:
• Is data complete and accurate?
  » When was the last time these data were validated?
• What change controls exist over information and systems?
  » Is your change management process documented and followed?
• Is data protected throughout its life cycle?
  » You must consider the integrated system of people, processes, and tools that manage the life of an application and its data from concept to retirement.
Availability. Data that is kept confidential and whose integrity is maintained is useless unless it is available to those in the organization and the customers they serve. This means that systems, networks, and applications must be functioning as they should and when they should. Ask these questions:
• Is data readily available to make business decisions?
• Are routine, secure, and tested data backup procedures in place?
• Are systems properly patched and up to date?
It is vitally important to act quickly to secure your company's information and protect any data that has been compromised in case of a breach, but more importantly to help prevent a breach from ever happening. To support confidentiality, integrity, and availability, the following must be in place:
Physical access controls. Restrict access to buildings and key IT areas coupled with monitoring.
Procedural controls. Increase security awareness, training, management oversight, and incident response.
Technical controls. Add multi-factor authentication, anti-virus/malware, and need-to-know access. Change controls.
Compliance controls. Conduct periodic assessments, impose security rules, and complete periodic security assessment audits.
If you're unable to affirmatively answer these questions, or don't currently have an integrated information security framework in place, then don't struggle about what to do next. Contact Rea's Information Services team today.
by: Rex Moskovitz
Senior Manager
Rea & Associates
5775 Perimeter Drive, Suite 200
Dublin, OH 43017-3224
(614) 889-8725
rex.moskovitz@reacpa.com