:: MIS Insights ::

by Fernando C Mendizabal Jr

IT Security Principles

Filed under: Information System — Pipboy at 7:49 am on Monday, September 11, 2006

IT security is commonly organized around six principles. For any organization that wants a secure system, most consultants, system administrators and software engineers work through the following checklist:

1. Authentication is the process of identifying someone or something. It is the process which makes sure that only the right people get into a system.

2. Authorization determines what users can or cannot do with the system. Think of it as your list of privileges.

To illustrate the difference between Authentication and Authorization, think of Alice who works at the Accounting department of Stoned Company. Alice can be authenticated or identified with an ID that she has, allowing her to enter the company building. However, Alice might be authorized only with access to the floor where the Accounting department is located.

3. Non-Repudiation is one way to make sure that messages are provably sent and received by the involved parties. The sender cannot later deny that she sent a message, and the receiver cannot deny having received it.

For instance, if Alice sends an e-mail to Bob, Alice cannot say that “she did not send an email to Bob.” Bob, on the other hand, cannot say, “I did not receive anything from Alice.”

This contractual setup is particularly useful in tracing transactions between parties and assigning responsibility to the people involved.

4. Integrity is making sure that data never gets compromised or changed while in transit between Alice and Bob’s mailboxes. Whether data is unintentionally corrupted along the way due to lost packets over the internet or a cracker intentionally alters the message, Integrity mechanisms must be in place to make sure that the message arrives the way it was sent.

5. Confidentiality, on the other hand, is making sure that only the intended recipients can read the message. If Bob sends a message intended for Alice, Eve must not be able to read it. Eve might intercept it, but it must not be understandable to her. This is usually accomplished by using cryptographic technologies.
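Principles 4 and 5 in the Alice/Bob/Eve setting, as an added example that is not part of the original post: the message is encrypted with a one-time pad (a toy choice that is only secure when the key is random, as long as the message and never reused) and then protected with an HMAC-SHA256 tag, so Eve sees only ciphertext, and any bit she alters makes Bob's verification fail. The message text and key handling are constructed for the demonstration; a production system would use an authenticated cipher (AEAD) instead.

```python
import hashlib
import hmac
import os
from typing import Optional

TAG_LEN = 32  # SHA-256 digest length in bytes


def seal(message: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: confidentiality from the pad, integrity from the tag."""
    if len(enc_key) < len(message):
        raise ValueError("one-time pad key must be at least as long as the message")
    ciphertext = bytes(m ^ k for m, k in zip(message, enc_key))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(sealed: bytes, enc_key: bytes, mac_key: bytes) -> Optional[bytes]:
    """Verify the tag before decrypting; return None if the message was altered."""
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # integrity failure: reject, do not decrypt
    return bytes(c ^ k for c, k in zip(ciphertext, enc_key))


def demo() -> dict:
    message = b"Pay invoice 1042 to Acme Corp"  # constructed sample message
    enc_key = os.urandom(len(message))  # fresh pad, shared with Bob out of band
    mac_key = os.urandom(32)  # shared MAC key, also out of band
    sealed = seal(message, enc_key, mac_key)

    # Eve intercepts the wire bytes: she gets ciphertext and tag, not the text.
    eve_sees = sealed[: len(message)]

    # Eve tampers with one bit of the ciphertext before forwarding it to Bob.
    tampered = bytearray(sealed)
    tampered[0] ^= 0x01

    return {
        "bob_reads": open_sealed(sealed, enc_key, mac_key),
        "eve_learns_plaintext": eve_sees == message,
        "tampered_accepted": open_sealed(bytes(tampered), enc_key, mac_key) is not None,
    }


if __name__ == "__main__":
    print(demo())
```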

6. Availability. The availability of services at any time is one of IT’s main selling points. That’s why hardware and software solution providers are working hand-in-hand to craft solutions that bring consumers the most nines (e.g. 99.999999% uptime).

This is just an introduction to the large topic that is IT security. Stay tuned as we go through each of the principles along the way.
