Principles
Knowing everything about IT security
Five main objectives of IT security:
- Integrity: ensuring that the data are what they are supposed to be
- Availability: maintaining the proper functioning of the information system
- Confidentiality: making the information unreadable to anyone other than the agents in a transaction
- Non-repudiation: ensuring that a transaction can’t be denied
- Authentication: making sure that only authorized persons have access to resources
Three basic and complementary points of IT security: prevention, detection and reaction.
Prevention
In most cases, protecting your computer system can be summarised in five points:
- Analyse the risks
- Define a security policy
- Implement a solution
- Evaluate the solution
- Update the solution and policy in the light of changes in risk
Detection
Despite all preventive measures, no computer system is immune to an incident, so you have to develop a reliable and effective detection system. Detection requires constant and careful monitoring of the state of a system, in particular through automated alerts.
Reaction
An effective response to an incident is fast and well-ordered.