Computers are one of mankind’s greatest inventions. With time, they have evolved from large, slow machines into smaller and faster ones that can be used both officially and at home. Among the array of functions performed by computers is the storage of and access to information. Of significance here, however, is the extent to which these computers are safe from breaches of security by hackers. Today, cybercrime is one of the greatest challenges to critical information which has been restricted both publicly and privately. Hacking into federal agencies and corporate espionage are no longer ‘once-in-a-while’ incidents in local and international news (Richards, 2015). As a result, there is an urgent need to develop effective security measures for preventing cyber threats and crime among organizations. For this purpose, this study seeks to explain the goals for information security as well as the categories of services needed to achieve these goals.
Goals for information security
Availability
This goal focuses on the availability of the right systems and data, which are meant only for their intended purpose. It requires that information is readily available to authorized personnel only. It also ensures that the systems are fast and efficient enough to serve the intended purpose. Availability protects an information system from accidental attempts by unauthorized people to access, change or delete important data from the system. It also prevents such unauthorized people from denying service or data to authorized users, and it protects the system's information from being used for unauthorized purposes. Availability is generally a prioritized security objective for most organizations (National Institute of Standards and Technology, 2001).
Integrity
Integrity is a quality that data or a system has as long as intentional or accidental destruction, loss or alteration of data does not occur. It is the goal of protecting information from alteration by unauthorized users. The goal of integrity can be viewed in two aspects: data integrity and system integrity. Integrity gives value to information, since it would be both costly and dangerous to use information that is incorrect. Integrity is usually one of an organization's core objectives after availability.
Confidentiality
This goal ensures protection of privacy. It requires that confidential or private information remains undisclosed to unauthorized individuals. This applies to data in storage, data being processed and data being transmitted. In the world today, information holds great value, and that is why organizations would not readily share certain information with external stakeholders. A breach of confidential information, such as a data leak, could cripple the reputation of a company as well as disrupt a country’s economy (Kurtz, 2015). Despite its critical nature, confidentiality is usually a third goal after availability and integrity in most organizations today.
Accountability
This goal requires that the actions of a specific entity can be uniquely traced back to the entity itself. Being one of the organizational policy requirements, it supports fault isolation, non-repudiation, detection and prevention of intrusion, deterrence, as well as after-action recovery and legal action (National Institute of Standards and Technology, 2001).
Assurance
This goal ensures that the other four objectives have been met accordingly. It provides the basis for confidence that both technical and operational security measures work towards protection of the system along with the information that it processes. The other four objectives have been adequately achieved when:
- The required function is present and has been implemented correctly
- There is utmost protection from unauthorized attacks
- There is enough resistance to intended penetration from unauthorized people.
Without assurance, the other objectives will not have been met effectively and this goal varies from one system to another.
Categories of services needed to achieve these goals
Supporting services
These are generic services which form the basis of the security capabilities of an information system. Supporting services interrelate with other services to ensure the effectiveness of a security system. They enable the system to identify unique users, their processes and the sources of information. They also ensure secure management of cryptographic functions and the administration of the security features of a system so as to incorporate operational changes and meet the requirements for a specified installation.
Prevention services
Prevention services aim at preventing the occurrence of a security breach through protection of communications, authorization, authentication and control of access to the information system. By protecting communication, prevention services ensure that the information security goals are applied while the information is being transmitted. Authentication provides methods of verifying a subject’s identity, while authorization permits continued management of the actions allowed in a specific system. Controlling of access to an information system can be done through encryption of files. Prevention services also allow for privacy during transactions so as to keep the identity of an individual using the system secret (National Institute of Standards and Technology, 2001).
Detection and recovery
Because prevention measures are imperfect, security breaches must be consistently detected and action must be taken to reduce their impact. Detection and recovery services include system auditing, detection and containment of intrusion, evidence of wholeness and restoration of a secure condition of a system. Insecure situations ought to be detected so that there can be an immediate response. In addition, detection of security breaches will not be effective if it is not followed up by a recovery process. Evidence of wholeness is relevant so as to be able to detect incidents of data corruption and to ensure data integrity.
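The detection-then-recovery sequence described above can be illustrated with a short added example; it is not taken from the essay or from the NIST document it cites. It assumes HMAC-SHA256 as the evidence of wholeness, and the file names, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a demo key and a known-good backup of two files.
KEY = b"constructed-demo-key"  # assumption: held in a protected key store in practice
BACKUP = {"payroll.csv": b"alice,4200\nbob,3900\n", "acl.conf": b"admin=alice\n"}

def tag(name, data):
    """Keyed digest that binds a file's content to its name."""
    return hmac.new(KEY, name.encode() + b"\0" + data, hashlib.sha256).hexdigest()

def build_manifest(files):
    """Evidence of wholeness: one keyed digest per file, taken in a secure state."""
    return {name: tag(name, data) for name, data in files.items()}

def detect(live, manifest):
    """Audit the live files; return (name, reason) for every deviation."""
    findings = []
    for name in sorted(set(live) | set(manifest)):
        if name not in live:
            findings.append((name, "missing"))
        elif name not in manifest:
            findings.append((name, "unexpected"))
        elif not hmac.compare_digest(tag(name, live[name]), manifest[name]):
            findings.append((name, "altered"))
    return findings

def recover(live, manifest, backup):
    """Restore a secure condition and return an audit trail of the actions taken."""
    audit = []
    for name, reason in detect(live, manifest):
        if reason == "unexpected":
            live.pop(name)  # containment: remove content that has no evidence
            audit.append((name, reason, "removed"))
            continue
        good = backup.get(name)
        # The backup is verified too; a corrupted backup must not be restored.
        if good is None or not hmac.compare_digest(tag(name, good), manifest[name]):
            audit.append((name, reason, "unrecoverable"))
            continue
        live[name] = good
        audit.append((name, reason, "restored"))
    return audit

if __name__ == "__main__":
    manifest = build_manifest(BACKUP)
    live = dict(BACKUP, **{"payroll.csv": b"alice,4200\nbob,9900\n"})
    print(detect(live, manifest), recover(live, manifest, BACKUP))
```

Detection alone only reports the altered record; the system is back in a secure condition only once `recover` has run and a second `detect` pass returns no findings.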