A successful e-business must devise a security strategy that focuses on three primary objectives: confidentiality, integrity, and availability of data and resources.
Your business needs should determine the level of emphasis you place on each objective. For example, national defense system security policies must place the greatest emphasis on confidentiality to protect classified and strategic information. A bank’s funds-transfer system has a greater need for integrity to ensure accurate monetary balances. Finally, an emergency-medical system emphasizes availability to ensure that information and resources are accessible at all times and in many locations.
Although precautions can be taken to detect an unauthorized user, it is extremely difficult to determine whether a legitimate user is purposefully doing something malicious. Therefore, the first layer in securing sensitive data is preventing unauthorized individuals from accessing sensitive information.
Integrity ensures that information cannot be modified in unexpected ways. Loss of integrity results from human error, intentional tampering, or even catastrophic events. Inaccurate information can become useless or even dangerous.
Restricted availability prevents resources from being deleted or becoming inaccessible. This applies not only to information, but also to networked machines and other aspects of the technology infrastructure. Intentional attacks against computer systems often aim to disable data access or to steal the data. Limiting physical access to critical machines or data sources can eliminate accidents and internal mischief.
Similarly, protecting the network electronically is important when many entry points exist, especially from a public network like the Internet. The next section discusses technical security issues that you should consider to secure your business environment.