What are the five pillars of Information Security?

When it comes to managing information, whether it's paper-based or digital, information security will play an important role. Without information security, all the information you have, whether personal, confidential or publicly available, will be affected in some form or another.

By implementing information security, and more specifically by adopting the five pillars of information security, your information and your systems will be protected against accidental damage, misuse and fraudulent attacks. The five pillars of information security build further upon the CIA triad.

To build a functional and secure system which does not impact everyday operations, you need to build with usability and convenience in mind. If you make it too difficult to work and do simple tasks, people will look for ways to bypass systems and potentially make things worse and insecure.

So, what are the five pillars of information security, and what should you consider when securing your information?

Confidentiality

Confidentiality, along with integrity, is one of the most important aspects of information security. If information that is meant to be kept from unauthenticated eyes is made available for viewing, the confidentiality of that information is lost.

You can protect data and ensure its confidentiality by using encryption, both when storing data and when transmitting it across networks and the internet. Access to information should also be restricted and granted only to those who are allowed it. You can also use data classification and ensure that information is protected according to the rules for the classification level it has been given.

Integrity

The integrity of information means that information remains in its natural state: the data should be correct and should remain unaltered when being transmitted from one location to another.

To protect the integrity of information, you should ensure that it is protected against tampering and modification by unauthorised users and systems. Checks should be put in place to ensure that only those systems which are allowed to modify data can do so.

You should ensure that users are trained sufficiently in the processing and modification of information, and that access to the information is granted based on what is required. Where needed, file hash checks should be carried out to confirm that file hashes remain unchanged.

Availability

Availability of information is another important aspect of information security. If you can't make information available to end-users and systems, then the data is unavailable.

Making information accessible should be done through the implementation of resilience and by having robust systems in place. If you are using on-premise systems, make sure that hard drives are configured with RAID and that enough resource is in place. Make sure that back-up power and batteries are also available.

Authenticity

Authenticity means ensuring that information is authentic and is what it should be. When systems and end-users request information, the information should be correct and true, and should reflect what was requested.

You can ensure that information is true and correct by ensuring that data is not tampered with, through access control, by checking and verifying data hashes, and by putting checks in place to ensure that the information which is requested is properly presented.
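The file hash checks described under Integrity and the hash verification described here can be combined into one baseline check. The following is an added example, not code from the original article: it records SHA-256 hashes for a directory, then reports modified, missing and unexpected files. Protecting the baseline itself with an HMAC tag is an assumption added for the example, and the function names, key and sample files are constructed.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(hashes: dict, key: bytes) -> str:
    """HMAC-SHA256 tag over the canonical JSON form of the hash table."""
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root: Path, key: bytes) -> dict:
    """Record the baseline hashes plus a tag that protects the baseline itself."""
    hashes = snapshot(root)
    return {"hashes": hashes, "tag": seal(hashes, key)}


def verify(root: Path, manifest: dict, key: bytes) -> dict:
    """Report modified, missing and unexpected files; reject a tampered manifest."""
    if not hmac.compare_digest(seal(manifest["hashes"], key), manifest["tag"]):
        raise ValueError("manifest tag mismatch: baseline cannot be trusted")
    baseline, current = manifest["hashes"], snapshot(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "unexpected": sorted(f for f in current if f not in baseline),
    }


def demo() -> dict:
    """Constructed sample: three files, then one edited, one deleted, one added."""
    key = b"constructed-demo-key"  # assumption: a real key is stored apart from the data
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("policy.txt", "payroll.csv", "notes.txt"):
            (root / name).write_text(f"original contents of {name}\n")
        manifest = build_manifest(root, key)
        (root / "payroll.csv").write_text("altered contents\n")
        (root / "notes.txt").unlink()
        (root / "extra.bin").write_bytes(b"\x00\x01")
        return verify(root, manifest, key)
```

Calling `demo()` returns the three lists of differences. A plain hash only shows that a file changed; the keyed tag is what stops someone who can edit the files from also rewriting the baseline unnoticed.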

Non-Repudiation

The non-repudiation of information goes hand in hand with the other pillars and ensures that the data which is presented to the end-user or system has been delivered correctly.

The requester of the information and the sender of the information should be able to confirm and validate the sending or receiving of information, and there should be no doubt about this.

This can be achieved by ensuring that logs are generated and are correct, and that, if needed, evidence can be provided to prove that the information was delivered.