Network and Data Security

The challenge of keeping your network secure has never been greater, or more important than it is today. Unauthorized network access can expose or destroy your proprietary data, negatively affect company productivity and irreparably harm your relationships with customers and business partners.

Computer Maintenance Service helps organizations of all sizes to evaluate the latest network security technologies and integrate the right safeguards within all the necessary areas of their network. Our engineers can also work with your internal staff to implement best security policies and practices to efficiently combat ongoing threats.

When thinking about information security there are three key concepts to consider known as the CIA methodologies.

CIA is a widely used benchmark for evaluation of information systems security, focusing on the three core goals of confidentiality, integrity and availability of information.

Data confidentiality
Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people."

Underpinning the goal of confidentiality are authentication methods like user-IDs and passwords, that uniquely identify a data system's users, and supporting control methods that limit each identified user's access to the data system's resources.

Also critical to confidentiality -- and data integrity and availability as well -- are protections against malicious software (malware), spyware, spam and phishing attacks.

Confidentiality is related to the broader concept of data privacy -- limiting access to individuals' personal information. In the US, a range of state and federal laws, with abbreviations like FERPA, FSMA, and HIPAA, set the legal terms of privacy.

Data integrity
Integrity refers to the trustworthiness of information resources.

It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter.

Integrity can even include the notion that the person or entity in question entered the right information -- that is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances would generate identical data (what statisticians call "reliability").

On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

Data availability
Availability refers, unsurprisingly, to the availability of information resources. An information system that is not available when you need it is at least as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure.

Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them.

Availability, like other aspects of security, may be affected by purely technical issues (e.g., a malfunctioning part of a computer or communications device), natural phenomena (e.g., wind or water), or human causes (accidental or deliberate).

While the relative risks associated with these categories depend on the particular context, the general rule is that humans are the weakest link. (That's why each user's ability and willingness to use a data system securely are critical.)