In general, computer security is about detecting and preventing attempts by external agents to harm a system or the information residing within it. Specific elements are kept in mind that can check the execution of illegal cyberattacks and work within defined protocols to ensure that the system is safe. In this chapter, you will learn about the six elements of security.
What Are the Various Elements of Security?
To fulfil all security-related constraints and requirements, researchers and security analysts have come up with some unique concepts that, when preserved, help keep a system safe and secure. If any one of these elements is compromised, there is a potential risk to the information as well as to the system. The six elements are:
- Availability: As the name suggests, availability specifies whether data or a resource is available when the client requires or requests it. Requested information has real value only when legitimate users can access it at the right time. Cybercriminals seize such data so that requests to access it are denied (leading to downtime of a working server), which is a conventional attack.
- Integrity: This refers to the techniques that ensure all data or resources accessible in real time are legitimate, correct, and protected from modification by unlawful users (hackers). Data integrity has become a primary and essential element of information security because users have to trust online information in order to use it. Non-trusted data compromises integrity and hence violates one of the six elements. Data integrity is verified through techniques like checksums, changes in hash values, and data comparison.
- Authenticity: Authenticity is another essential element. Authentication can be defined as the process of confirming that the identity of the user is genuine and legitimate. It takes place when the user tries to gain access to any data or information (commonly through a login or biometric access). However, cybercriminals use more sophisticated tools and techniques to gain such access, including social engineering, password guessing, brute-force techniques, and cracking ciphers.
- Confidentiality: Confidentiality can be defined as permitting only approved users to access sensitive and protected information. It ensures that confidential information and other resources are revealed to legitimate and authorized users only. Confidentiality can be ensured through role-based security techniques that verify a user's or viewer's authorization, as well as through access controls on particular data.
- Non-repudiation: Non-repudiation can be defined as the assurance that a message transmitted between two or more users via digital signature or through the use of encryption is accurate, and that no one can deny the authenticity of the digital signature on any document. Authentic data, as well as its origin, can be established with the help of a data hash.
- Utility: As the name suggests, utility concerns whether a resource can be accessed and then actually used by users for some purpose. It is not entirely a security element, but if a resource becomes vague or useless, it is of no use. Cryptography is used to preserve the efficiency of any resource sent over the internet. Various encryption mechanisms secure a message or data sent over the internet so that it is not altered during transmission; otherwise, the utility of that resource will not prevail.
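
The integrity checks named in the list above (checksums, hash values, and data comparison) can be combined into a baseline-and-verify routine. The following is an added example, not part of the original chapter; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """CRC32 catches accidental corruption; SHA-256 also resists deliberate tampering."""
    crc, sha = 0, hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
    return {"crc32": f"{crc:08x}", "sha256": sha.hexdigest()}


def build_baseline(root: Path) -> dict:
    """Record a fingerprint for every file under root (the trusted state)."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current files against the baseline and classify each difference."""
    current = build_baseline(root)
    report = {"modified": [], "missing": [], "added": sorted(set(current) - set(baseline))}
    for name, known in baseline.items():
        if name not in current:
            report["missing"].append(name)
        elif known != current[name]:          # hash value changed
            report["modified"].append(name)
    return report


def demo() -> dict:
    """Constructed sample data: three files, then one edit, one delete, one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("admin=false\n")
        (root / "app.log").write_text("started\n")
        (root / "readme.txt").write_text("hello\n")
        baseline = build_baseline(root)
        (root / "config.ini").write_text("admin=true\n")   # unauthorized change
        (root / "app.log").unlink()                        # removed file
        (root / "dropped.bin").write_bytes(b"\x00\x01")    # unexpected file
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where an attacker who can modify the files cannot also rewrite it; otherwise the comparison proves nothing.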