Information Security

Pieter H. Hartel, Nanna Suryana Herman

    Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic

    Abstract

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication determines who makes a request to handle an asset. To decide who is authorised, a system needs to authenticate the user. There are three different ways in which users can be authenticated. You can use something you know (e.g. password, PIN code), something you have (e.g. smart card, RFID tag) or something you are (e.g. fingerprint, your gait). These methods can be combined to provide stronger authentication than when they are applied individually. Auditing makes it possible to determine who handled an asset and how, so that ultimately an attacker can be prosecuted. The three concepts are known collectively as the ‘gold standard’, since ‘Au’ is the chemical symbol for gold (Lampson, 2004). There are three important security properties of digital assets. Confidentiality is the ability of a system to stop unauthorised users from handling protected assets. Integrity is the assurance that every asset or system component is exactly as the last authorised party to modify it has left it. Availability is the assurance that authorised users may find the system to work as they expect it to, when they expect it to. These properties (collectively known as the CIA) are true security properties and the focus of this chapter.
    Original language: Undefined
    Title of host publication: Cyber Safety: An Introduction
    Editors: E.R. Leukfeldt, W.Ph. Stol
    Place of Publication: The Hague
    Publisher: Eleven International Publishers
    Pages: 281-291
    Number of pages: 9
    ISBN (Print): 978-94-90947-75-0
    Publication status: Published - 2012

    Keywords

    • METIS-289709
    • EWI-22298
    • SCS-Cybersecurity
    • IR-81855
