
Instructions: Kindly fill up the necessary information in the space provided.

Student's Name (Last Name, First Name, Middle Initial): Trillanes, Emmalyn R
Section: 3D
School Year: 2020-2021
Degree Program: Bachelor of Science in Computer Science
Year Level: 3rd Year
Course Code: IAS 101
Course Title: Information Assurance and Security
Semester: 1st Semester
Instructor/Professor: Jinky Tumasis
Week(s) Covered:

DO NOT FORGET TO SAVE YOUR FILE AS:
<Lastname_CourseCode_Section_WeekNo_Semester_ANSNo.docx>  Example: Delacruz_CC111_BS1MA_Week1_1stSem_ANS1.docx
* You may write below this line.

5 Principles of Security

Confidentiality

- Confidentiality is probably the most common aspect of information security. The principle of
confidentiality specifies that only the sender and the intended recipient should be able to access
the contents of a message.

Confidentiality is compromised whenever an unauthorized person is able to read a message, so
confidential information must be protected. An organization needs to guard against malicious
actions that endanger the confidentiality of its information, and also against accidental exposure.

Example:

- Examples of confidentiality risks include data breaches caused by criminals, insiders
inappropriately accessing and/or sharing information, and accidental distribution of sensitive
information to too wide an audience.

Integrity

- Information needs to change constantly, so integrity does not mean that data never changes. It
means that changes are made only by authorized entities and through authorized mechanisms. When the
contents of a message are changed after the sender sends it and before it reaches the intended
recipient, the integrity of the message is lost.

An integrity violation is not necessarily the result of a malicious act; an interruption in the
system such as a power surge may also cause unwanted changes to some information. Either way, the
modification causes loss of message integrity, and the receiver needs a way to detect it.

Example:

- Examples of attacks on integrity include email fraud attacks that compromise the integrity of
communications, financial fraud and embezzlement through modification of financial records, and
even attacks like Stuxnet, which tampered with industrial control system data flows to cause
physical damage.
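
The two kinds of integrity loss described above (an accidental fault and a deliberate edit) are detected differently. The example below is added here and is not part of the original assignment; the payment message, the flipped bit and the attacker's edit are all constructed for illustration. It shows that a plain SHA-256 checksum catches the accidental case but not the malicious one, because the attacker can simply recompute the hash over the edited message, while a keyed HMAC catches both.

```python
import hashlib
import hmac
import secrets

# Constructed sample message (not from the original page).
MESSAGE = b"PAY 100.00 TO ACCOUNT 4471"


def sha256_tag(message: bytes) -> bytes:
    """Unkeyed checksum: catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed checksum (HMAC-SHA256): only a holder of `key` can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids a timing side channel when comparing tags.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def accidental_bit_flip(message: bytes, index: int = 4) -> bytes:
    """Simulate the page's non-malicious case (a power surge): flip one bit in storage."""
    damaged = bytearray(message)
    damaged[index] ^= 0x01
    return bytes(damaged)


def attacker_edits(message: bytes) -> bytes:
    """Simulate a man-in-the-middle changing the amount."""
    return message.replace(b"100.00", b"900.00")


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared in advance by sender and receiver
    results = {}

    # Case 1: accidental corruption. Both checks notice, because the data changed.
    damaged = accidental_bit_flip(MESSAGE)
    results["hash_detects_fault"] = sha256_tag(damaged) != sha256_tag(MESSAGE)
    results["hmac_detects_fault"] = not verify_hmac(key, damaged, hmac_tag(key, MESSAGE))

    # Case 2: deliberate modification. The attacker also replaces the plain hash with
    # the hash of the edited message, so the receiver sees a checksum that matches.
    edited = attacker_edits(MESSAGE)
    forged_hash = sha256_tag(edited)
    results["hash_detects_tamper"] = sha256_tag(edited) != forged_hash  # False: undetected
    # Without the key the attacker cannot produce a matching HMAC for the edited message,
    # so the old tag no longer verifies and the edit is caught.
    results["hmac_detects_tamper"] = not verify_hmac(key, edited, hmac_tag(key, MESSAGE))
    return results


if __name__ == "__main__":
    for name, detected in demo().items():
        print(f"{name}: {'detected' if detected else 'NOT detected'}")
```

Note that the HMAC only tells the receiver that someone holding the shared key produced the tag; because the receiver holds that same key, this is integrity, not nonrepudiation.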
Availability

- The principle of availability states that resources should be available to authorized parties
whenever they need them. The information created and stored by an organization needs to be available
to authorized entities. Information is useless if it cannot be reached.

Information needs to be changed constantly, which means it must be accessible to authorized
entities. The unavailability of information is just as harmful to an organization as a lack of
confidentiality or integrity.

Availability also takes into consideration whether and how sensitive information can still be
accessed if the information systems fail partially or fully. For instance, if a database failover
occurs, ideally employees would still be able to access the information most critical to their
business operations.

Example:

- Examples of attacks on availability include denial-of-service attacks, ransomware (which encrypts
system data and files so they are not accessible to legitimate users), and even swatting attacks,
which can interrupt business operations.
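
A denial-of-service attack succeeds when one source can consume capacity that legitimate users need. The example below is added here and is not part of the original assignment; it is a per-client token bucket, one common mitigation, replayed over constructed traffic (one employee sending one request per second and one flooder sending a hundred per second, IP addresses invented for the demo). The point it shows is isolation: the flooder is throttled to its own budget while the legitimate client is served in full.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket: each client may burst up to `capacity` requests and
    then sustain `rate` requests per second. One client's flood never drains
    another client's bucket, so a flooder cannot starve legitimate users."""

    def __init__(self, rate: float, capacity: int):
        self.rate = rate
        self.capacity = capacity
        self.tokens = defaultdict(lambda: float(capacity))
        self.last_seen = {}

    def allow(self, client: str, now: float) -> bool:
        # Refill in proportion to the time since this client was last seen.
        elapsed = now - self.last_seen.get(client, now)
        self.tokens[client] = min(self.capacity, self.tokens[client] + elapsed * self.rate)
        self.last_seen[client] = now
        if self.tokens[client] >= 1.0:
            self.tokens[client] -= 1.0
            return True
        return False


def replay(requests, limiter: TokenBucket) -> dict:
    """requests: iterable of (timestamp_seconds, client_id).
    Returns {client: {"served": n, "dropped": m}} after replaying them in time order."""
    stats = defaultdict(lambda: {"served": 0, "dropped": 0})
    for ts, client in sorted(requests):
        outcome = "served" if limiter.allow(client, ts) else "dropped"
        stats[client][outcome] += 1
    return dict(stats)


def constructed_traffic():
    """Constructed sample traffic (not from the original page): one legitimate employee
    at 1 request/s and one flooder at 100 requests/s, both for 10 seconds."""
    legit = [(float(t), "10.0.0.5") for t in range(10)]
    flood = [(i / 100.0, "203.0.113.9") for i in range(1000)]
    return legit + flood


def demo() -> dict:
    limiter = TokenBucket(rate=5.0, capacity=10)
    return replay(constructed_traffic(), limiter)


if __name__ == "__main__":
    for client, counts in demo().items():
        print(f"{client}: served={counts['served']} dropped={counts['dropped']}")
```

A real deployment keys the bucket on something harder to spoof than a single source address and runs it at the edge (load balancer or WAF), so that dropped requests never reach the database the employees depend on.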

Authentication

- Authentication is the mechanism that verifies the identity of a user, system or other entity
before it is allowed to access information. The most common form is a username and password: a
person whose identity was registered in advance proves that identity and is then allowed to access
the sensitive information. Authentication answers "who is this?"; deciding what that identity may do
is a separate step (authorization).

Authentication methods can be relatively common and easy to use, such as passwords, scannable cards,
or multifactor authentication. They can also be more complex, such as biometric tools that scan a
user's eyes or fingerprints. When authentication is compromised, it damages an organization's
reputation as well as its infrastructure, which shows how vital strong authentication mechanisms are.

Example:

- When a login requires a user ID and password plus a second, different kind of proof, such as a
fingerprint or a code from a device the user carries, it is called multifactor authentication (MFA).
Note that a "personal question" is still something the user knows, the same factor type as a
password, so password plus security question is not true MFA. Another example is a server that
authenticates users against its own account database of login IDs or usernames and passwords.
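
The example below is added here and is not part of the original assignment; it shows what the two factors look like on the server side. The password is stored only as a salted PBKDF2 hash and compared in constant time, and the second factor is a time-based one-time code (RFC 6238 TOTP, the scheme used by authenticator apps) computed from a seed that lives on the user's device. The user name, password and TOTP seed are constructed for the demo.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Store only a salted, slow hash (PBKDF2-HMAC-SHA256), never the plaintext."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)  # constant-time comparison


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code an authenticator app shows at `at_time`."""
    counter = struct.pack(">Q", at_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, now: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current code and +/- `window` steps to tolerate clock drift."""
    if not (code.isdigit() and len(code) == digits):
        return False
    now = int(time.time()) if now is None else now
    return any(hmac.compare_digest(totp(secret, now + k * step, step, digits), code)
               for k in range(-window, window + 1))


# Constructed user record (hypothetical user; not from the original page).
USER_NAME = "emmalyn"
USER_SALT, USER_HASH = hash_password("correct horse battery staple")
USER_TOTP_SECRET = base64.b32decode("JBSWY3DPEHPK3PXP")  # seed enrolled in the user's app


def login(username: str, password: str, code: str, now: Optional[int] = None) -> bool:
    """Two different factors: something you know (the password) and something you have
    (the device holding the TOTP seed). Both checks always run, and a failure in either
    gives the same answer, so the response does not reveal which factor was wrong."""
    if username != USER_NAME:
        return False
    password_ok = verify_password(password, USER_SALT, USER_HASH)
    code_ok = verify_totp(USER_TOTP_SECRET, code, now)
    return password_ok and code_ok


if __name__ == "__main__":
    now = int(time.time())
    print("code right now:", totp(USER_TOTP_SECRET, now))
    print("login ok:", login(USER_NAME, "correct horse battery staple",
                             totp(USER_TOTP_SECRET, now), now))
```

The `totp` function reproduces the RFC 6238 test vector (seed `12345678901234567890`, time 59 gives `94287082` with eight digits), which is a quick way to check an implementation against a real authenticator app.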

Nonrepudiation

- Nonrepudiation is a word often used in legal contexts, but it applies to information assurance
procedures too. Nonrepudiation means that when information is transferred, there is proof that the
sender actually sent it and that the receiver actually received it, so that neither party can later
deny their part in the exchange.

This principle relies on authentication (the proof ties the action to a specific identity) and on
integrity (the data has not been altered in transit), but it adds something neither provides on its
own: evidence that a third party can check. In practice it is achieved with digital signatures,
which only the holder of the private key can produce, together with audit logs that record who did
what and when.

Example:

- If you take a pen and sign a (legal) contract, your signature is a nonrepudiation device. You
cannot later disagree with the terms of the contract or deny ever having been a party to the
agreement. A counterexample shows how weak this can be: pen signatures on credit card receipts are
rarely verified, and even when the clerk glances at the back of the card, he is probably not a
handwriting expert and could not tell a trivial forgery from the real thing, so that signature is
poor evidence.
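
Why a digital signature gives nonrepudiation while a shared-key checksum does not is easiest to see side by side. The example below is added here and is not part of the original assignment. It first shows that an HMAC verified by the receiver is no evidence against the sender, because the receiver holds the same key and can mint a valid tag for any contract. It then implements a Lamport one-time signature, a scheme built only from SHA-256, so that the whole mechanism is visible: the signer reveals preimages that only it holds, and the receiver, holding only the public hashes, can verify but cannot forge or transplant the signature onto an altered contract. The contract text is constructed for the demo.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One-time signing key: 256 pairs of random 32-byte secrets.
    The public key is the SHA-256 hash of each secret; it reveals nothing about them."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def message_bits(message: bytes):
    """The 256 bits of SHA-256(message), least significant first."""
    digest = int.from_bytes(H(message), "big")
    return [(digest >> i) & 1 for i in range(256)]


def lamport_sign(sk, message: bytes):
    """Reveal, for each message bit, the secret from that pair selected by the bit.
    A key pair must sign only ONE message: a second signature leaks more secrets."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]


def lamport_verify(pk, message: bytes, signature) -> bool:
    """Anyone holding pk can check: each revealed secret must hash to the published value."""
    if len(signature) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (bit, s) in enumerate(zip(message_bits(message), signature)))


def demo() -> dict:
    # Constructed sample contract (not from the original page).
    contract = b"Alice agrees to pay Bob 500 on 2021-06-01"
    altered = b"Alice agrees to pay Bob 5000 on 2021-06-01"
    results = {}

    # 1. Shared-key HMAC: gives Bob integrity, but NOT nonrepudiation.
    shared_key = secrets.token_bytes(32)  # known to both Alice and Bob
    alice_tag = hmac.new(shared_key, contract, hashlib.sha256).digest()
    results["mac_verifies"] = hmac.compare_digest(
        hmac.new(shared_key, contract, hashlib.sha256).digest(), alice_tag)
    # Bob can mint a perfectly valid tag for a contract Alice never agreed to, so a
    # valid tag proves nothing to a judge about which of the two produced it.
    bob_tag = hmac.new(shared_key, altered, hashlib.sha256).digest()
    results["mac_receiver_can_forge"] = hmac.compare_digest(
        hmac.new(shared_key, altered, hashlib.sha256).digest(), bob_tag)

    # 2. Signature: only Alice has sk; Bob (and any judge) has only pk.
    alice_sk, alice_pk = lamport_keygen()
    signature = lamport_sign(alice_sk, contract)
    results["sig_verifies"] = lamport_verify(alice_pk, contract, signature)
    # Bob cannot transplant Alice's signature onto the altered contract: the altered
    # message selects different secrets in many positions, which Bob does not have.
    results["sig_reuse_on_altered_fails"] = not lamport_verify(alice_pk, altered, signature)
    # Nor can Bob build a signature from pk alone: every entry is a hash, not a preimage.
    bogus = [alice_pk[i][bit] for i, bit in enumerate(message_bits(altered))]
    results["sig_forgery_from_pk_fails"] = not lamport_verify(alice_pk, altered, bogus)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Production systems use RSA or elliptic-curve signatures rather than Lamport keys (which are large and single-use), but the property is the same: the verifier can check the signature without being able to produce it, and that asymmetry is what lets a log entry or a signed document stand as evidence.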

Group Members

Jester Aeron V. Clark

Aimae Beloy

Eljo Rey Ramos

Emmalyn Trillanes

Joyce Contapay

Vannesa Vallere Canizar
