Critical Characteristics of Information
Accuracy: involves an attribute of information that describes how data is free of errors and has the value that the user expects. Maintaining accuracy is one of the most crucial aspects of meeting responsibilities as a cybersecurity professional. Ensuring accuracy provides consistency and dependability of information assets, allowing users access to data with appropriate values. For example, users who make purchases online through e-commerce websites expect to only be charged for items within their shopping carts (at a specific value) when they submit their credit or debit card numbers during the checkout process.
Authenticity: refers to an attribute of information that describes how data is genuine or original rather than reproduced or fabricated. In many circumstances it becomes integral for a business to establish policies that prevent employees from modifying data from its original content. For example, employees-both technical and non-technical-at an online news agency have a responsibility not to plagiarize content from other agencies.
Availability: an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction. Information security experts may need to make information available or restrict access to assets that assist employees in meeting their responsibilities. For example, a security expert can assign a specific drive on a company’s server which allows certain employees access to information from their workstation.
Confidentiality: an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. Information security professionals can encrypt files to prevent unauthorized employees from accessing data.
Integrity: an attribute of information that describes how data is whole, complete, and uncorrupted. Security professionals maintain a responsibility to ensure that data has integrity on an ongoing basis. The process involves using firewalls, encryption and monitoring software that identifies and removes viruses that can corrupt data.
Personally identifiable information: a set of information that could uniquely identify an individual. A fundamental responsibility of information security experts would be to protect access of personal information like names, dates of birth and social security numbers from unauthorized employees or potential threat agents.
Possession: an attribute of information that describes how the data’s ownership or control is legitimate or authorized. Every organization has possession of key information assets; however, disgruntled employees and outside threat agents may cause a breach in possession by obtaining data in which they should not have access and trying to share the information with other parties in order to damage the company’s information assets.
Utility: an attribute of information that describes how data has value or usefulness for an end purpose. Information serves a purpose for employees within an organization. Each employee may view specific data points as containing different levels of utility, based on their need to use the data for achieving their job functions.