What is Information Security? How to Ensure Information Security?

What is Information Security?

Information security is the practice of protecting information, as an asset, from threats and dangers: it aims to prevent information from being obtained by undesirable persons in any environment, by using the right technology, for the right purpose and in the right way.

Information security ensures the protection of the services, systems and data provided. From an individual user's perspective, a simple definition is securing access to the computers, smartphones and systems used in daily life.

In other words, it is the process of protecting information from unauthorized access, use, disclosure, modification or destruction, and from damage. The terms information security, computer security and information assurance are often used interchangeably.

Because data is shared and must remain continuously available, the basic criteria for ensuring information security are that information is transmitted from the sending source to the receiver confidentially and with its integrity ensured, without being corrupted, destroyed, changed or captured by others.

What are the Components of Information Security?

There are 7 elements of information security: reliability, integrity, identification, non-repudiation, confidentiality, logging and accessibility.

1) Reliability

Reliability is defined in the ISO/IEC 27000 ISMS dictionary standard as the property of consistent behaviour and results. It can be summarized as the consistency between the behaviour expected from a system and the results obtained after the system is installed.

After a device or system is installed as desired, analysis based on observation of whether it works as desired will reveal the reliability of the system.

2) Integrity

Integrity means that information is not changed by unauthorized persons; that is, information is kept and stored as required. In other words, integrity attempts to prevent unauthorized write access to data. There are two types of integrity: data integrity and system integrity.

Data integrity aims to protect information against unauthorized changes; system integrity aims to protect systems such as servers and network devices from unauthorized changes.

If a malicious user compromises the mail server and changes the permissions, data integrity is violated. If they install malware on the system to allow future “backdoor” access, system integrity is violated.

3) Identification

Identification is the verification and determination of the identity of a user who wants to access information, and of whether he or she is registered in the system. It is the process of verifying that the correct person has entered the system by establishing the identity of every user who logs into a system or a web page on the internet, using specified methods such as a username and password, or the TR ID number and password used when logging into banks’ internet branches.

In this way, malicious people are prevented from entering the system. Identification is defined in the ISO/IEC 27000 ISMS dictionary standard as providing assurance that the claimed characteristics of an entity are correct.

4) Non-repudiation

When information is shared, neither the person sending the information nor the person receiving it can deny that the information was shared.

Non-repudiation is defined in the ISO/IEC 27000 ISMS dictionary standard as the ability to prove the occurrence and the origin of a claimed event or action, in order to resolve disputes about whether the event or action occurred and who was involved in it.
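As an added example that is not part of the original article: integrity and non-repudiation, the two properties discussed above, differ in what a verifier can prove. The Go program below (standard library only; the key and messages are constructed sample values) checks data integrity with an HMAC, shows that the receiver of an HMAC-protected message could have produced the tag itself, so a MAC cannot settle a dispute about origin, and contrasts this with an Ed25519 signature that only the sender's private key can produce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample values for the demonstration (not from the original page).
var sharedKey, message = []byte("constructed-shared-secret"), []byte("transfer 100 to account 42")

// macTag is what the sender computes over msg with the shared key (HMAC-SHA256).
func macTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// macValid is the receiver's data-integrity check; hmac.Equal compares in constant time.
func macValid(key, msg, tag []byte) bool {
	return hmac.Equal(macTag(key, msg), tag)
}

// receiverCanForge shows why a MAC gives integrity but not non-repudiation: the
// receiver holds the same key, so it can tag a message the sender never sent.
func receiverCanForge(key []byte) bool {
	forged := []byte("transfer 1000 to account 42")
	return macValid(key, forged, macTag(key, forged))
}

// signatureBindsSender: with Ed25519 only the holder of the sender's private key
// can produce a signature that verifies under the sender's public key.
func signatureBindsSender(msg []byte) (genuine, forgedByReceiver bool, err error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	genuine = ed25519.Verify(senderPub, msg, ed25519.Sign(senderPriv, msg))
	_, receiverPriv, _ := ed25519.GenerateKey(rand.Reader) // the receiver's own key
	forgedByReceiver = ed25519.Verify(senderPub, msg, ed25519.Sign(receiverPriv, msg))
	return genuine, forgedByReceiver, nil
}

func main() {
	tag := macTag(sharedKey, message)
	g, f, _ := signatureBindsSender(message)
	fmt.Println(macValid(sharedKey, message, tag), receiverCanForge(sharedKey), g, f) // true true true false
}
```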

5) Confidentiality

Confidentiality means preventing information from falling into the hands of unauthorized persons; that is, restricting access to, modification of, or use of information by persons who are not authorized to do so. An example of a confidentiality attack would be the theft of Personally Identifiable Information, such as credit card details.

Data should only be accessed by users with consent, official access approval and a need to know. Many countries share the desire to keep national security information secret and do so by ensuring confidentiality controls are in place. Organizations large and small need to keep their data confidential.

6) Logging

Logging is the process of automatically recording events in a system, including the time, username and action. These records are also kept so that system errors and changes made to the system can be checked later.

All users accessing the Internet through a network and the transactions made by all components in a network are recorded in a similar way.

7) Accessibility

Accessibility (availability) is the property that information is accessible to authorized people, and available, whenever it is needed. An example of an attack on availability would be a denial of service (DoS) attack, which attempts to stop a system from providing its service.

Techniques such as failover clustering, site resiliency, automatic failover, load balancing, and redundancy of hardware and software components are used to ensure high availability of services and data.

Accessibility is defined in the ISO/IEC 27000 ISMS dictionary standard as “the ability to be accessible and usable when requested by an authorized legal entity.”

By ensuring compliance with these principles, concerns about the security of information technologies are minimized, and the sustainability of systems and services noticeably increases.
