Meet now the 3 Information Security Pillars and find out how ISO 27001:2013 may be differential in your own operations.
In today’s article, I’ll be introducing the topic of the 3 Information Security Pillars. After all, information security has been taking over the market’s room little by little. 27001 is an important ISO, of voluntary adoption and that might make a big difference to your company.
In any case, we have come to the conclusion that the 3 information security pillars available in ISO 27001 are extremely useful to any company and it is helpful for information treatment. They are the base fundaments of building a system that protects the own company and guarantees that, the clients as well, get the same protection they deserve.
The 3 information security pillars are Availability, Confidentiality and Integrity. Let’s take a look at each one of them.
This pillar is directly linked to the possibility of access to information.
According to the pillar, all information must always be at disposal, and on 2 different levels
- Time – When the information is needed;
- Locality – When it must be utilized.
In that way, a single document must not be unavailable to those who need it, regardless of the reason.
Obviously, there are rules involved in the information availability. And this principle is directly affected by our next concept, the Confidentiality pillar.
The second one of the 3 information security pillars is Confidentiality. According to the pillar, access to information must only be granted to those who have the permission to access it.
In this way, even though the required information is available when and where it is necessary, it is mandatory that only those who have the authorization will access them.
This might be the pillar that most causes doubts between management system professionals. However, we will see that it is not incomprehensible. Basically, we can say that the Integrity pillars is divided in 3:
- We must avoid that any information deteriorates or loses the capability of being comprehensible. What that means is, as an example, that there mustn’t be any information stored physical documents “catching dust”. If the paper deteriorates, the information loses it’s integrity. In digital ways, we can mention the similar case of corrupted files or compromised bank data.
- Furthermore, we must protect all data against type of UNINTENTIONAL alterations. When, for an example, updating a client’s registration, it is possible that the person who’s responsible for the update might get confused and updates the registration of the wrong client. In that case, it corresponds to an information integrity malfunction. It is also worth mentioning that even though it is incorrect, the information may still attend to the other pillars, in other words, it might still be available and be suitable for the confidentiality principles;
- We must also guarantee that intentional alterations maintain the information correct and intact. Therefore, our management systems require gadgets that, makes sure that no dishonest modification is made (or detected), just as any possible incorrect modification, resulted from lack of training, for an example, is not committed. In short, the information’s “content” must be intact and trustworthy.
If we could sum up all of the 3 information security pillars in a single sentence, I would say that:
The information that we decide to control must be available when and where necessary (Availability), making sure that only those who have the authorization will be granted of access to the information (Confidentiality) and, last but not least, still ensuring that the information is trustworthy and can be utilized for it’s due purposes (Integrity).
The importance of Information Security
Without any doubts, we can all affirm that essential information is available in every single company and within each company’s sections. Therefore, managing information started to be a necessity of any interested parts as a whole.
And as if this was not enough, a truly efficient information management system can also provide useful data to the company, assisting the company to obtain competitive advantages and improving as a whole.