Knowledge Base
Information Systems Security (INFOSEC)
Information Systems Security or Information Security is the "protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats." National Information Assurance (IA) Glossary, CNSS Instruction No. 4009, June 2006.
Requirements
Information security requirements are specified in terms of:
Confidentiality: Assurance that information is not disclosed to unauthorized users or processes.
Integrity: Assurance that data or processes have not been altered or corrupted by chance or by malice, without being detected.
Availability: Assurance that information or information systems will be available to users when required.
Authentication: Assurance that entities are properly identified, including users and hosts.
Accountability / Non-Repudiation: Proof of authenticity and integrity of transactions.
Reconstitution: Ability to restore systems and operations following loss or disruption.
Services
A security architecture is designed to provide a balanced combination of information security services. These include:
Protection: Tools and processes to control access and availability of information to intended users. These include boundary definition and protection, encryption, virtual private networks, content inspection, anti-virus systems, host controls, and application controls, among others.
Measurement: Tools and processes to assess the state of security. Provides a "control-loop" for protection. These include intrusion detection, vulnerability assessment, network mapping, and audits, among others.
Support: The security infrastructure to enable protection and measurement. This may include services for public key infrastructures (PKI), directories, certificates, enterprise management, and incident response.
Mechanisms
Information security mechanisms include specific products, processes, and implementations.
When you engage us for an assignment, you can be confident that we understand your problem and will provide you with the solution that is appropriate to your needs.