focus notes
What are the three important elements for information security measures? Introducing four new elements you should know about in the future
table of contents
Originally, information security measures were mainly carried out by government offices and large companies. However, in recent yearsFrom small to medium-sized businesses to individuals, this issue is becoming more important and measures are being taken.
I'm sure many of you will be taking measures from now on. This time, we will discuss the first things you should understand when considering information security measures.Three elements of information security measuresI would like to introduce about.
What are the three elements of information security?
The first thing you need to know before starting information security measures is:"Three Elements of Information Security"is. in particular,"Confidentiality" "Integrity" "Availability"refers to
Recently, incidents related to information security have become diverse, but countermeasures include:It is important to comprehensively ensure these three elementsIt will be.
The English words are "confidentiality," "integrity," and "availability," respectively, and the acronyms aresecurity ciaIt is sometimes said that Now, let's take a closer look at each element.
Confidentiality: confidentiality
Ensuring confidentiality meansOnly people with access privileges to information assets can view the information., to make information in a state where it cannot be viewed or used by anyone who does not have access privileges.
Examples of countermeasures
Setting access privileges for files, setting password authentication for devices, using encryption, restricting access to data storage areas, etc.
Major incidents
Insufficient confidentiality may lead to information leaks. There are cases where former employees access information assets and take them outside the company, and stored personal information is leaked due to cyber attacks such as hackers.
integrity: integrity
Ensuring integrity meansA state in which information assets are not tampered with and are stored and maintained as correct information.It means.
Examples of countermeasures
Keeping a history of accesses and changes to information assets, restricting operations when accessing information assets, etc.
Major incidents
Recently, the most common integrity-related incidents are website falsification and data falsification. Although this is an incident that is unlikely to lead to personal information leakage, there are cases where it is carried out for the purpose of damaging a company's credibility.
This is often overlooked compared to the confidentiality involved in information leaks, but with the advancement of AI and automation, if data is falsified or missing, it could lead to a major accident.
Availability: availability
Ensuring availability meansCan be used safely by anyone with legitimate access privileges whenever needed.It means.
Examples of countermeasures
System duplication, data backup, data cloud management, power supply measures, disaster recovery plans, etc.
Major incidents
If the system goes down due to a power outage, disaster, cyber attack, etc., it may be impossible to provide services.
Telework and availability
Recently, the number of remote working styles has increased. However, from a security perspective, many companies have environments in which important information can only be accessed from the internal network. This is another example of not ensuring availability. Countermeasures such as data management in the cloud will be necessary, but it is difficult to find a balance with confidentiality.
What are the seven elements of security?
So far, we have explained the three elements of security, but in reality, there are now four more elements."7 Elements of Security"It is also called.
The added elements are"authenticity", "accountability", "reliability", "non-repudiation"These are the four elements.
This time, we will briefly introduce the four new elements that have been added.
authenticity: authenticity
Simply put, it allows you to authenticate whether the person trying to access your site is who they say they are. Specific measures include "digital signatures."
Accountability
It is possible to trace who performed the actions that could or did cause an incident. One specific measure is to use a system that records access logs and operation logs to manage who was responsible for the operations and tampering.
Reliability: reliability
In information processing, intended operations are performed reliably. Even if there is no human error, data can be falsified due to system bugs. One measure is to eliminate bugs in the system.
Non-repudiation: non-repudiation
The ability to prove actions and events related to information resources so that they cannot be denied later. This can also be achieved by utilizing digital signatures.
Have information security measures audited externally
"Information security audit"What isA third party with specialized knowledge regarding security objectively evaluates the content and operational status of current information security measures, guarantees the level of security measures, and provides advice on areas that are inadequate.is.
In 2003, the Ministry of Economy, Trade and Industry launched the "Information Security Audit System," and its auditing and management standards have been clarified. The audit system also specifies seven elements: confidentiality, integrity, availability, authenticity, traceability, reliability, and non-repudiation.
No matter how high-level information security measures are in place,In order to prove the high standards, it is necessary to have an external person check it.There are also issues that can be seen from an outside perspective, and you may be able to receive good advice.
Information security audits are also important in order to improve information security measures to a higher level.
lastly
How was it? As introduced in this article, the three elements of information security have now increased to seven elements. that's all,Information security measures are also becoming more sophisticated and segmented.I think it's okay to think that. FirstMeasures centered on the 7 elements of securityand then furtherLeverage external auditingI recommend you try it.
[Reference site]
・Three elements of information security | JNSA
・Security incident | IT terminology dictionary
・Information Security Management Standards (2016 revised edition) | Ministry of Economy, Trade and Industry
-
Use email and websites safely! Introducing malware infection countermeasures
-
What is a cyber attack? Explaining the types and examples
-
How many cyber attacks occur in Japan and what are their purposes?
-
What is unauthorized access? Explanation of damage details, causes, and countermeasures
-
Cyber attacks are increasing rapidly in Japan! Consider the reason
-
Invisible cyber attack! Introducing its visualization and countermeasures
Achievements left behind
48 years since its establishment.
We have a proven track record because we have focused on what is important.
It has a long track record in both the public and private sectors.
Number of projects per year
500 PJ
Annual number of business partners/customers
200 companies
Maximum number of trading years
47 years
Total number of qualified persons
1,870 people