Introduction

So what's the answer? Paranoia and knowledge. First, never put too much faith in the tech. It's not enough, for example, for encryption to be an option -- you want encryption enforced so that unencrypted is not an option. Second, learn how things work. Learn why SSL works the way it does, why it's POP3S and not POP3, and why "certificate warnings" are a thing. The more important security is to you, the more conservative your paranoia and the more extensive your knowledge should become.

Robert Graham, Technology betrays everyone

Information security

The task of information security is to protect information. This is done by regulating the access and modification of data and information systems. There are three main aspects of information security: confidentiality, integrity and availability. They are also known as the CIA triad.

Confidentiality (Est: konfidentsiaalsus) means that only authorized people can access a given information. Data is inaccessible for all others.

Integrity (Est: terviklus) preserves data accuracy and completeness throughout its life-cycle. For example, integrity assures that the data is not changed while in transit. It can also provide non-repudiation, which gives a proof for the origin of the data.

Availability (Est: käideldavus) means that data should be accessible (for authorized people) when needed. For information systems, it means that the servers must be up and network communication working. Data availability assures that the former is true even in case of a power outage, hardware failures or when the system is under (denial of service) attack.

Infoturve 2023/24 sügis

Introduction

Information security