Table of contents
- 01. What is Information Security?
- 02. What are the three elements of information security?
- 03. What are the 7 elements of information security (4 new elements added)?
- 04. Types of information security measures
- 05. Information security measures using LANSCOPE Endpoint Manager Cloud Edition
- 06. To ensure information security measures are in place and confidential information is protected
The seven elements of information security are the three elements of information security (confidentiality, integrity, and availability) plus four new elements (authenticity, accountability, non-repudiation, and reliability).
| Element | Definition |
|---|---|
| Confidentiality | Only authorized users can access information. |
| Integrity | Information is protected and maintained in a state where it is error-free and complete. |
| Availability | Users who have the authority to access information can access it when they need it. |
| Authenticity | It is clear that the user or terminal accessing information is an authorized person or system. |
| Accountability | It is clear who performed operations on information and systems, and how. |
| Non-repudiation | When a problem occurs regarding information assets, it can be proven so that the person responsible cannot later deny it. |
| Reliability | System processing and data manipulation are performed without defects or malfunctions. |
By comprehensively securing and maintaining these, it is possible to prevent security risks caused by external attacks, internal fraud, human error, disasters, etc.
It is also important to understand the security risks faced by your company or organization and take the following information security measures accordingly.
- Technical measures: Measures to prevent security risks from the hardware and software perspective
- Human measures: Measures to prevent security risks caused by human error, etc.
- Physical measures: Measures to prevent security risks caused by physical factors such as disasters
This article defines the seven elements of information security and explains the measures to ensure and maintain each element.
To summarise this article:
- Information security refers to protecting the information assets held by companies and organizations from cyber attacks and internal fraud.
- Information security risk refers to the risk of adversely affecting the systems and services used by an organization and the information assets it holds, and can be broadly divided into two categories: "threats" and "vulnerabilities."
- The three elements of information security are confidentiality, integrity, and availability, and are also referred to as CIA, an acronym of the three elements.
- In recent years, seven elements of information security have been proposed: the three elements plus authenticity, accountability, non-repudiation, and reliability.
- Information security measures can be broadly divided into three categories: technical measures, human measures, and physical measures.
What is Information Security?

Information security refers to protecting the information assets held by companies and organizations from cyber attacks, internal fraud, etc.
Information assets include confidential information, as well as the company’s brand and image, technical information, business know-how, and equipment used to store information.
Information security requires consideration not only of the aforementioned cyber attacks and internal fraud, but also of BCPs *1 that anticipate disasters and equipment accidents.
Since an organization needs to deal with a wide range of measures, it is important not to just formulate information security measures and then leave them at that, but to continually improve them by going through the PDCA cycle.
*1 BCP: Business Continuity Plan. A plan that anticipates emergencies such as disasters, accidents, and terrorism, and ensures that business can continue as much as possible even in such cases.
Information Security Risks

Risk in information security refers to the risk of adversely affecting the systems and services used by an organization and the information assets it holds.
Although there are many individual risks, organizational risks can be broadly categorized into two categories: “threats” and “vulnerabilities.”
Threat
Information security threats refer to factors that hinder the safety of information and the normal operation of systems, and are classified into three types: “intentional threats,” “accidental threats,” and “environmental threats.”
- Intentional threats : Threats intentionally generated by humans, such as external attacks and internal fraud.
- Accidental threats : Threats that occur unintentionally due to human error
- Environmental threats : Threats from disasters such as fires, earthquakes, and lightning strikes
Vulnerability
This refers to a weakness in security measures that has the potential to cause a threat.
Examples include physical vulnerabilities such as the earthquake and fire resistance of buildings, software defects, system failures, and inadequate confidential information management systems.
A vulnerability causes no damage as long as nothing happens, but since vulnerabilities are the cause of threats, addressing them is an important security measure.
What are the three elements of information security?
The three elements of information security are confidentiality, integrity, and availability, and are also referred to as CIA, an acronym of the three elements.
Confidentiality
This means that only authorized users can access information.
The basis is to minimize the access rights to information.
The main countermeasures are to set appropriate access rights and to use a robust authentication system.
Integrity
It refers to protecting and maintaining information in a state where it is error-free and complete.
Integrity can be lost not only when information is tampered with, but also when the content is outdated due to lack of maintenance.
The main countermeasures are measures against unauthorized access and proper document management.
Availability
This refers to the ability of users with the authority to access information to access the information when they need it.
Availability can be said to be impaired when information cannot be accessed due to a system failure or disaster.
The main countermeasures are system and power redundancy and BCP.
What are the 7 elements of information security (4 new elements added)?
The three elements of information security (confidentiality, integrity, and availability) are widely known, but in recent years four more elements (authenticity, accountability, non-repudiation, and reliability) have been added to make seven elements.
Authenticity
This refers to a state in which it is clear that the user or device accessing information is an authorized person or system.
If a malicious person can steal account information and access the system, it can be said that authenticity has been compromised.
Measures to ensure and maintain authenticity include:
- Digital Signature
- Multi-factor authentication, including biometrics
Accountability
This refers to clarifying who performed what operations on information or systems and how they were performed.
Measures to ensure and maintain accountability include:
- File access logs
- Device operation log
- Digital Signature
Non-repudiation
This refers to being able to prove, when a problem occurs with information assets, that the person responsible cannot deny it later.
If there is no evidence when an action is pointed out, the person can deny it, and in some cases it may be difficult to confirm the facts.
As with accountability, the main countermeasure is to obtain and securely store access logs and terminal operation logs.
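The "securely store" part of this countermeasure, sketched as an added example that is not from the original article or from LANSCOPE: operation-log records are chained with an HMAC so that edited, removed, or truncated records are detected on verification. The record fields, the key, and the externally stored `head` value are assumptions; a shared-key HMAC only gives tamper evidence to the key holder, so proof to a third party would additionally need the digital signature listed under accountability.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stand-in "previous MAC" for the first record

def _mac(key: bytes, prev: str, entry: dict) -> str:
    # Canonical JSON so the same entry always serializes to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + body, hashlib.sha256).hexdigest()

def append(log: list, key: bytes, ts: str, user: str, action: str, target: str) -> str:
    """Append one operation record chained to the previous one; return its MAC."""
    entry = {"ts": ts, "user": user, "action": action, "target": target}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"entry": entry, "prev": prev, "mac": _mac(key, prev, entry)})
    return log[-1]["mac"]

def verify(log: list, key: bytes, head=None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record.

    `head` is the MAC of the newest record, kept where the log's custodian
    cannot rewrite it (assumption). Without it, removal of the newest records
    goes unnoticed; a head mismatch is reported as index len(log).
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _mac(key, prev, rec["entry"])
        if rec["prev"] != prev or not hmac.compare_digest(rec["mac"], expected):
            return i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)
    return -1

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; real keys live off the logged host
    log = []                       # constructed sample records
    append(log, key, "2024-05-01T09:00:00Z", "alice", "read", "payroll.xlsx")
    append(log, key, "2024-05-01T09:05:00Z", "alice", "copy_to_usb", "payroll.xlsx")
    head = append(log, key, "2024-05-01T09:06:00Z", "alice", "delete", "payroll.xlsx")
    print("intact:", verify(log, key, head))
    log[1]["entry"]["user"] = "bob"  # someone rewrites who performed the copy
    print("first bad record:", verify(log, key, head))
```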
Reliability
This refers to system processing and data manipulation being performed without defects or malfunctions.
If data is changed by unintended processing, the data loses its integrity and its reliability as information drops significantly.
Measures to ensure and maintain reliability include:
- Thorough review and testing during system design
- Establishment of manuals and rules
Types of information security measures
There are three main measures to improve information security:
- Technical measures
- Personnel measures
- Physical measures
Technical measures
Technical measures are measures to prevent security risks from the hardware and software perspective.
Specifically, the following measures are applicable:
- Antivirus deployment
- Installing a firewall or IDS/IPS
- Log monitoring
- Data encryption
Personnel measures
Human-related measures are measures to prevent security risks caused by people, such as human error or employees' unauthorized removal of information.
Specifically, the following measures are applicable:
- Providing security education for employees
- Establishment of manuals and rules
Physical measures
Physical measures are measures to prevent security risks caused by physical factors such as loss, destruction, and disasters.
Specifically, the following measures are applicable:
- Installation of surveillance cameras
- Entrance and exit record management
- Security guard deployment
- Installation of auto-lock
Our IT asset management and MDM tool, LANSCOPE Endpoint Manager Cloud Edition, is equipped with the following functions that are effective for information security measures.
- Windows Update Management
- Collecting operation logs
Patch updates, check if your OS is up to date
LANSCOPE Endpoint Manager Cloud Edition provides the following features for Windows update management:
1. Displays a list of devices that have not yet applied the latest Windows updates (such as feature updates and quality updates) on the management screen.
2. Bulk distribution of Windows updates based on detailed settings such as distribution date and time and display message.
3. Devices used outside the company that do not access the internal network can also be managed as long as they are connected to the Internet.
4. Understanding the success or failure of Windows updates after distribution.
