---
title: "information-security"
aliases:
tags:
- comp210
---

Information security is the science of protecting information assets. These include data, systems, equipment, and infrastructure.

>[!Definition]
> "The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved."
> (ISO27000 Information Security Management Systems – Overview and Vocabulary)

There is a continuous need for information security because the environment around it is changing rapidly.

Information systems have 6 main components:
- data
- people
- hardware
- software
- network
- procedures

Information security can be split into three main components, called the [cia-triad](notes/cia-triad.md). The components are:
- Confidentiality
- Availability
- Integrity

People often use the [mccumber-cube](notes/mccumber-cube.md) to think about the security of their system and identify potential vulnerabilities.

It is impossible to create a "perfectly secure system". There exists an [access-security-tradeoff](notes/access-security-tradeoff.md).