ISO/IEC 27000:2009 provides the overview and vocabulary for the information security management system, ISO/IEC 27001:2005. It defines information security as the preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability, can also be involved.
For information security activities to be successful, one has to think about the preceding elements. Consider top secret information, which the stakeholders cannot allow to be processed through systems and internetworks without good mechanisms in place. Doing otherwise would only put the information in peril. It may also mean that the information could never be trusted completely.
Assume that all factors and resources are in their proper places. Let us look at the two important mechanisms that may satisfy the above-mentioned security elements:
Cryptography and digital certificates would provide information with confidentiality, integrity, authenticity and non-repudiation.
Network structure, private circuits and firewalls would make information available and reliable.
The overall effort, if any of its components is not done judiciously and diligently, may never be effective in securing information so that key stakeholders can believe that the information is authentic and was not altered while in transit or in storage.