Infosec goals

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Its goals are:

  • Plausible Deniability seeks to prevent the disclosure of information by presenting an argument about the knowledge a given individual has. This is a second-order game, at least one level removed from direct protection of information.

  • Data Confidentiality is the protection of information in the system so that an unauthorized person cannot access it. Confidentiality is maintained by restricting or limiting access.

  • Data Integrity is the protection of system data from intentional or accidental unauthorized changes. Integrity can be maintained through restrictions on editing and modifying information, and through liability.

  • Data Availability is ensuring reliable access to information. Ways to maintain availability include access procedures, back-up or duplication, and maintenance of hardware and network connections.

  • Forward secrecy aims to prevent future exploits and security breaches from compromising current or past communication, information or data by isolating each transaction’s encryption.

  • Post compromise security is the protection of users’ data after the encryption key has been compromised.

  • Perfect secrecy is based on statistics and probabilities. A ciphertext maintains perfect secrecy if the attacker’s knowledge of the contents of the message is the same before and after the attacker inspects the ciphertext, even when attacking it with unlimited resources.
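
The perfect secrecy definition above can be checked exactly on a small message space. The following is an added example, not part of the original page: it computes the attacker's belief about the message after seeing each ciphertext and compares it with the belief beforehand. The 2-bit messages, the prior and the two key sets are constructed for illustration, and exhaustive enumeration stands in for an attacker with unlimited resources.

```python
from fractions import Fraction
from itertools import product

# Constructed prior over 2-bit messages: what the attacker believes before seeing a ciphertext.
PRIOR = {0b00: Fraction(1, 2), 0b01: Fraction(1, 4), 0b10: Fraction(1, 8), 0b11: Fraction(1, 8)}

def posterior(prior, keys, encrypt):
    """Return {c: {m: P(M=m | C=c)}} for a key drawn uniformly from `keys`."""
    p_key = Fraction(1, len(keys))
    joint = {}  # (m, c) -> P(M=m, C=c)
    for (m, p_m), k in product(prior.items(), keys):
        c = encrypt(m, k)
        joint[(m, c)] = joint.get((m, c), 0) + p_m * p_key
    result = {}
    for c in {c for (_, c) in joint}:
        p_c = sum(p for (_, c2), p in joint.items() if c2 == c)
        # Bayes' rule: P(m | c) = P(m, c) / P(c)
        result[c] = {m: joint.get((m, c), Fraction(0)) / p_c for m in prior}
    return result

def is_perfectly_secret(prior, keys, encrypt):
    """True if every possible ciphertext leaves the attacker's belief equal to the prior."""
    return all(post == prior for post in posterior(prior, keys, encrypt).values())

def xor(m, k):
    return m ^ k

# One-time pad: key as long as the message, uniform over all four values.
OTP_KEYS = [0b00, 0b01, 0b10, 0b11]
# Weakened variant: a single key bit repeated to cover both message bits.
REPEATED_KEYS = [0b00, 0b11]

if __name__ == "__main__":
    print("one-time pad:", is_perfectly_secret(PRIOR, OTP_KEYS, xor))
    print("repeated 1-bit key:", is_perfectly_secret(PRIOR, REPEATED_KEYS, xor))
    print("belief after seeing c=00 under the repeated key:",
          posterior(PRIOR, REPEATED_KEYS, xor)[0b00])
```

With the repeated key, a ciphertext of 00 rules out two of the four messages and shifts the attacker's belief in message 00 from 1/2 to 4/5, which is exactly the change in knowledge that perfect secrecy forbids.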