According to the Cambridge dictionary, security is defined as follows: “Protection of a person, building, organization, or country against threats such as crime or attacks by foreign countries”.
The question arises as to what digital security is and what needs are associated with it. Today, with the explosion of new technologies, the security of computer data represents a major issue, both for individuals and for professionals. This security is based on 4 criteria: confidentiality, integrity and availability, complemented by a final criterion that has emerged more recently: traceability.
But what does each of these criteria represent?
Confidentiality ensures that the data concerned can only be accessed by authorized persons. It is a question of being able to keep certain information secret according to several factors such as the sector, the goals, and the people who are or are not authorized to access this data. There are various means today of keeping computer data confidential: encryption, as well as authorization systems that allow only certain people to access the data concerned.
Integrity involves the quality and consistency of data. The computer data must be accurate and reliable, without having been altered or deleted. By remaining accurate, this computer data is considered to have integrity. If you make a transfer of 1000€ to your bank account, you expect to find 1000 euros and not ten.
Availability concerns how accessible the data is to the user. This means that the final application of a digital service is available to users at the time they need it. The lack of access to this service can cause damage.
Let’s take an example. As a user, you want to access a web page. It must be accessible to you, without obstacles. You expect to receive a certain type of service; by providing it to you, the service respects this criterion of availability. But unavailability can also be a hindrance for the service administrator. Service downtime can cause economic losses.
Traceability is a less obvious but equally important criterion since it is the element of proof. It is a matter of being able to attest, for example, that the person supposed to send certain information is indeed the person who acted as agreed. Traceability can be based on logging, which is a way to record all the actions performed. These records can be useful in case of a data incident, both to hold people accountable and to understand the origin of the incident.
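As an added illustration (not part of the original article), the sketch below ties the integrity and traceability criteria together: an action log whose records are chained with a keyed hash, so that changing the 1000€ transfer to ten is detected when the log is checked. The key, the user name "alice" and all function names are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed key for the example; a real system would keep it in a secret store.
LOG_KEY = b"example-audit-key"

def _tag(prev_tag: str, entry: dict) -> str:
    """HMAC over the previous tag plus this entry, chaining the records."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(LOG_KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()

def append(log: list, actor: str, action: str, amount_eur: int) -> None:
    """Record who did what; each record is bound to the one before it."""
    entry = {"seq": len(log), "actor": actor, "action": action,
             "amount_eur": amount_eur}
    prev = log[-1]["tag"] if log else ""
    log.append({"entry": entry, "tag": _tag(prev, entry)})

def first_bad_record(log: list):
    """Index of the first altered, missing or reordered record, or None."""
    prev = ""
    for i, rec in enumerate(log):
        if rec["entry"].get("seq") != i:
            return i  # a record was removed or moved
        if not hmac.compare_digest(rec["tag"], _tag(prev, rec["entry"])):
            return i  # the content no longer matches its tag
        prev = rec["tag"]
    return None

def build_sample_log() -> list:
    """Constructed sample: one user session containing a 1000 euro transfer."""
    log = []
    append(log, "alice", "login", 0)
    append(log, "alice", "transfer", 1000)
    append(log, "alice", "logout", 0)
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("intact log:", first_bad_record(log))
    log[1]["entry"]["amount_eur"] = 10  # the alteration from the integrity example
    print("after alteration, first bad record:", first_bad_record(log))
```

Records cut off the end of the log are not detected by this check alone; that requires keeping the latest tag somewhere the log writer cannot change.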
It is difficult today to rank these criteria by the seriousness of their impact. The importance of each of them depends on the sector of activity concerned and the objectives and needs associated with it. The confidentiality criterion will not have the same impact on a babysitting company as on a hospital, for example.
It is not a question of putting all these criteria on an equal footing, but of finding a balance adapted to the purpose and needs.