Computer security can be defined as controls that are put in place to provide confidentiality, integrity, and availability (CIA Model) for all components of computer systems..
Confidentiality: Confidentiality means that information is not given to people, organisations, or processes that are not allowed to see it. For instance, let's say I have a password for my Gmail account, but someone saw me typing it in while I was logging in. If that is the case, my password has been broken, and my privacy has been broken.
Confidentiality is about the same as Measures to protect privacy are made to stop unauthorised people from getting to sensitive information. Data is often put into groups based on how much and what kind of damage it could do if it got into the wrong hands. Then, based on these categories, more or less strict rules can be put in place.
Some information security basics to keep your data confidential are:
Encryption
Password
Two-factor authentication
Biometric verification
Integrity: Integrity means making sure that data is correct and complete. This means that data can't be changed in a way that isn't allowed. Integrity means making sure that data stays the same, is correct, and can be trusted throughout its entire lifecycle. Data must not be changed while in transit, and steps must be taken to make sure that unauthorised people can't change data (for example, in a breach of confidentiality).
For example, if an employee leaves a company, the data for that employee in all departments, such as accounts, should be changed to say " LEFT THE JOB " so that the data is complete and accurate. Also, only people with the right permissions should be able to change employee data. Some security controls designed to maintain the integrity of information include:
Encryption
User access controls
Version control
Backup and recovery procedures
Error detection software
Availability: Availability means that information must be available when it's needed, and it should always be easy for authorised parties to get to. This means keeping the hardware, technical infrastructure, and systems that store and show the information in good shape.
For example, if you need to look at an employee's information to see if they've taken too many sick days, you'll need help from different teams in your organisation, such as network operations, development operations, incident response, and policy/change management. One thing that can make it hard to get information is a denial of service attack.
Information security measures for mitigating threats to data availability include:
Off-site backups
Disaster recovery
Redundancy
Proper monitoring
Environmental controls
Virtualization
Server clustering