IX. Insert the proper words (see the words below)

1. Information security means … information systems from unauthorized access.

2. These fields … the common goals of protecting information.

3. Information security is concerned with the confidentiality of data … of the form the data may take.

4. Computer security can focus on … the availability and correct operation of a computer system.

5. Governments, military, corporations, financial institutions, hospitals, and private businesses … a great deal of confidential information.

6. Most of this information is now collected, processed and … on electronic computers.

7. Such a breach of security could lead to lost business, law … or even bankruptcy of the business.

8. Protecting confidential information is a business …, and in many cases also an ethical and legal requirement.

9. For the individual, information security has a significant effect on …

10. The field of information security has grown and … significantly in recent years.

11. It was necessary to have some means of … tampering.

12. Caesar cipher was created to prevent secret … from being read should a message fall into the wrong hands.

13. The end of the 20th century and early years of the 21st century saw rapid … in telecommunications.

14. The new academic disciplines of computer security are sharing the common goals of ensuring the security and … of information systems.

 

1. advancements
2. amass
3. detecting
4. ensuring
5. evolved
6. messages
7. privacy
8. protecting
9. regardless
10. reliability
11. requirement
12. share
13. stored
14. suits

 

X. Give English equivalents

защита информации, несанкционированный доступ, раскрытие и прочтение, защищённость сведений, разделять общие цели, небольшая разница, независимо от, обеспечение правильной работы, частный бизнес, накопить информацию, служащие и клиенты, финансовое положение, попасть в руки конкурента, судебный процесс, частная жизнь, получить доступ, планирование бизнес-процесса, экспертно-криминалистическая служба, средства обнаружения вмешательства, изобрёл шифр, секретные послания, быстрое развитие, оборудование и программное обеспечение, шифрование информации, надёжность системы безопасности

 

XI. Tell your partner about information security

 

 

UNIT 4

BASIC PRINCIPLES

Key concepts

For over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be the core principles of information security.

There is continuous debate about extending this classic trio. Other principles such as Accountability have sometimes been proposed for addition - it has been pointed out that issues such as Non-Repudiation do not fit well within the three core concepts, and as regulation of computer systems has increased (particularly amongst the Western nations) Legality is becoming a key consideration for practical security installations.

In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information. The elements are confidentiality, possession, integrity, authenticity, availability, and utility. The merits of the Parkerian hexad are a subject of debate amongst security professionals.

Confidentiality

Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.

Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company’s employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information.

Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.

 

 

Integrity

In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of Consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Most cipher systems provide message integrity along with privacy as part of the encryption process. Messages that have been tampered with in flight will not decrypt successfully.

 

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.

Vocabulary

CIA = Central Intelligence Agency – ЦРУ

triad – триада, троица

continuous – непрерывный

extend – расширять

accountability – ответственность

propose – предлагать

addition – дополнение

point out – подчёркивать

issue – вопрос

non-repudiation – неотказуемость, невозмож-

ность отказа (напр., что вы

послали сообщение)

fit – подходить, состыковываться

particularly – в особенности

amongst – среди

legality – законность

consideration – понятие

installation – установка, устройство

possession – владение

integrity – целостность

authenticity – подлинность

utility – полезность

merit – достоинство

hexad – шестёрка

transaction – транзакция, операция

transmit – передавать

buyer – покупатель

merchant – торговец

attempt – пытаться, стараться

enforce – усилить, укрепить

encrypt – шифровать

limit – ограничивать

appear – появляться

log file – файл системного журнала

backup – резервная копия

receipt [rı′si:t] – квитанция

restrict – ограничивать

party – сторона

obtain – получать

breach – нарушение, брешь

occur – происходить

permit – позволять

shoulder – плечо

screen – экран

while – пока

display – появляться на экране

laptop – ноутбук

sensitive – чувствительный

stolen – p.p. from steal – красть

sold – p.p. from sell – продавать

result in – приводить к

give out – выдавать

necessary – необходимый

sufficient – достаточный

maintain – поддерживать; сохранять

privacy – частная жизнь

undetectably – незаметно

referential – ссылочный, содержащий ссылки

case – случай

consistency – последовательность, согласованность

violate – нарушать

in transit – на пути следования

provide – обеспечивать

tamper – изменять

flight – процесс передачи

successfully – успешно

serve – служить

communication – связь

channel – канал

aim – нацеливаться

remain – оставаться

disruption – нарушение

due to – из-за

power – энергия, питание

outage – отключение

failure – отказ

upgrade – обновление

involve – включать

denial attack – атака, направленная на вызов отказов в работе

ACID = automated classification and interpretation of data

Exercises