Knowing everything about IT security
Five main objectives of IT security:
- Integrity: ensuring that the data are what they are supposed to be
- Availability: maintaining the proper functioning of the information system
- Confidentiality: making the information unreadable to anyone other than the parties to a transaction
- Non-repudiation: ensuring that a transaction can’t be denied
- Authentication: making sure that only authorized persons have access to resources
Three basic and complementary points of IT security: prevention, detection and reaction.
In most cases, protection of your computer system can be summarised in five points:
- Analyse the risks
- Define a security policy
- Implement a solution
- Evaluate the solution
- Update the solution and policy in the light of changes in risk
Despite all the preventive measures, no computer system is immune to an incident. So you have to develop a reliable and effective detection system. Detection requires constant and careful monitoring of the state of a system, in particular through automated alerts.
An effective response to an incident is a fast and well-ordered reaction.