Headings
...

Availability of information - what is it?

Human life is impossible to imagine without information. Accessibility is its property, which is closest to others related to its security. Let's look at the features of this phenomenon and find out why it is so important.

What is information?

First of all, it is worthwhile to learn in more detail what "information" is.

What is information?

This is not just pure knowledge, but any data (about objects, environmental phenomena and their properties, condition, etc.) that can be recognized and understood (understood) by information systems (machines, programs, animals, people and even individual cells) in the process of their life and work.

The properties

Any data has a number of properties. The main ones are as follows:

Openness and accessibility of information
  • Availability of information.
  • Completeness - affects the quality of information and determines whether it is enough to make a decision or to form new knowledge on its basis.
  • Reliability is the correspondence of the data to the real state of affairs.
  • Adequacy is the degree of this correspondence with respect to reality.
  • Relevance - the importance of information in a given period of time. For example, when buying train tickets via the Internet, the system can issue data on flights for different days. However, it is knowledge that will be important for the user regarding the day of his planned trip, all other information will be irrelevant.
  • Subjectivity and objectivity. Subjectivity is knowledge formed on the basis of perception by their information system. However, the data of this person or machine may be false.
  • Objectivity is reliable knowledge formed without the influence of someone's subjective opinion.

What does the availability of information mean?

This property is a measure of the possibility of obtaining the necessary data. In other words, the availability of information is a guarantee that the user will be able to receive it at an acceptable time for him.

Integrity and completeness of information

This degree is affected not only by the accessibility of knowledge to a wide range of people, but also by the adequacy of methods and its interpretation.

The particular importance of this property for various control systems. For example, for the uninterrupted movement of trains or regular buses, constant access to weather data and road conditions is very important.

Accessibility of information is also important for ordinary citizens. After all, having the opportunity to obtain reliable data about the weather, timetables of vehicles, exchange rates, etc., a person is much easier and more efficient to manage his time.

For which areas is this concept relevant

The term under study is more or less related to the following areas:

  • Information and computer security.
  • Data protection.
  • Protection of computer and information systems.
  • IT (information technology).
  • Data systems operating in certain corporations.

What is the object of accessibility?

When it comes to accessibility in the field of information security, its objects can be not only the knowledge or documents themselves, but also whole resources, as well as automated systems of different directions.

The subject of information relations

Having learned that this is the accessibility of information, and what is its object, it is worth paying attention to those who can use this property of it. Such users are called "subjects of information relations."

Since, to one degree or another, any knowledge is a product of someone's intellectual property, and therefore an object of copyright. So, any information has an owner who controls its availability and is the subject.This can be a person, a group of persons, an organization, etc.

Admin - owner of access rights

Also in this role may be the administrator of the data system, which controls all their properties, as well as regulates or restricts their access rights. This is to prevent any threats to the availability of information.

Access rights

It refers to the capabilities of the subject of information relations to carry out certain operations with the received data.

Confidentiality of information

These include:

  • The right to familiarize yourself with available knowledge.
  • Right to change information. This feature, as a rule, is available only to owners and administrators of systems, in rare cases, to a limited circle of users.
  • The right to copy and store is available to even fewer people, especially if the data is subject to someone else’s copyright or confidential.
  • The right to destroy data belongs to its official owner or authorized administrator.

Threats to data availability

Although most of the above rights are not available to a wide number of users of information systems, this restriction has a very specific purpose. Why is that? Let's figure it out.

Imagine a data system in the form of an ordinary chalkboard. The role of the owner or administrator is performed by the teacher, and the entire class are users with limited access rights.

While the teacher is in the classroom, using the "system" is available to everyone. At the same time, the teacher controls that his wards use it with benefit: receive knowledge or demonstrate the level of learned material.

However, when a change comes and the teacher leaves the classroom, the board is left unattended and students receive all access rights to it. What do you think: what will they do? In any school team there will always be a couple of clever people who will draw, write something (and not always hospitable). And being carried away, they can accidentally erase notes prepared by the teacher for the next lesson. In addition, children can simply spend all the chalk or forget to wash the board.

As a result, with the start of a new lesson, the “system” will not be ready for work. The teacher will have to select part of the lesson in order to put the board in order or resume the erased text.

A familiar picture? In this case, it is shown why control over access rights to information is so important. After all, not all users who want to conduct operations with it are able to use it responsibly. In addition, some of them may simply not have sufficient qualifications for this and their incompetence can lead to the failure of the entire system.

According to statistics, the most common reasons for the threat of information availability are precisely the unintentional errors of ordinary users of various resources or networks, as well as maintenance personnel. Moreover, such oversights often contribute to the creation of vulnerabilities, which subsequently can be exploited by attackers.

For example, in 2016-2017, the Petya virus caused a lot of harm to computer systems around the world. This malicious program encrypted data on computers, that is, actually deprived all accessibility information. It is interesting that in most cases the virus penetrated the system due to the fact that individual users opened letters from unfamiliar addresses without having to conduct a thorough preliminary check, according to all security protocols.

Information System Operators

Each of the accessibility threats can target one of the components of the system itself. Thus, they are distinguished by three:

  • Operator Failure.
  • Internal failure of the data system itself.
  • Failure of supporting infrastructure.

Regarding users with limited rights, there are 3 types of threats to the availability of information.

  • Unwillingness to work with the data system, as a result of the need to develop new capabilities and discrepancies between consumer requests and available properties and technical characteristics.
  • The failure of the system due to the lack of appropriate operator training. As a rule, this is a consequence of a lack of general computer literacy, inability to interpret diagnostic messages, etc.
  • Inability to work with the system due to lack of appropriate technical support (incomplete documentation, lack of background information). Usually this threat to availability is a consequence of errors not of ordinary operators, but of the administrator.

Three pillars of data security: integrity, confidentiality and accessibility of information

When it comes to security, in addition to accessibility, attention is also focused on properties such as confidentiality and data integrity.

Confidentiality means keeping certain knowledge secret and preventing their unauthorized disclosure.

Confidentiality of information

At first glance, it seems that this property is in the opposite of openness and accessibility of information. However, in fact, confidentiality does not limit the very possibility of obtaining the necessary data, but only the number of people who have all the rights to access them.

This property is especially important for sensitive facilities, as well as financial and other documentation, the disclosure of the contents of which can be used to violate the law or harm the integrity of the entire state.

When considering confidentiality, you should not forget that at any enterprise there are two types of data:

  • accessible only to its employees (confidential);
  • publicly available.

The latter, as a rule, are posted on websites, in directories, in reporting documentation. Such openness and accessibility of information about the organization serves not only in the role of advertising its services to potential customers, but also allows regulatory authorities to monitor compliance with the law in the work of a particular enterprise.

By the way, the completeness and reliability of such data is checked by special visiting commissions.

The integrity of the data is its relevance and consistency, as well as its protection against destruction / unauthorized changes. In fact, this property means how much they retain their relevance, adequacy, completeness and reliability.

The integrity and accessibility of information is especially important when it comes to technical documentation.

For example, if unauthorized changes occur in the data on the composition and contraindications to a particular drug (the integrity of the information is violated), patients taking this medicine may simply die.

By the way, a similar effect is also possible if it became known about new side effects of the drug, but access to this information was not open to all potential consumers. That is why these 2 properties are very closely interconnected.

Availability Guaranteed Methods

Ensuring the availability of information is possible thanks to a whole group of methods and methods. Most often in automated systems, 3 of them are used.

  • Creation of uninterruptible power systems, so that the user always has the opportunity to correctly finish the job and not lose data.
  • Reservation and duplication of capacities.
  • Business Continuity Plans.


Add a comment
×
×
Are you sure you want to delete the comment?
Delete
×
Reason for complaint

Business

Success stories

Equipment