Introduction
Security is one of the key practices that every institution should perform in a daily basis to provide confidence, integration as well as availability for all resource that the company is managing. The implementation of security procedure is common for all kind of institutions but might different adding extra layer/feature as per the nature of the institution to minimize threats.
In this page we are going to discuss about the different concept of security practices , hope you will enjoy the content.
Privacy
It is mainly focusing on how your personal information is collected and supposed to be viewed or stored, used or shared across different entities. Organizations are required to be transparent about what forms of data they intend to collect, the purpose of the data collection, and where and with whom it is to be shared.
This let you to accept these terms and conditions; therefore, you have the right to control your shared information.
To make the concept simple, lets’s take the following scenario
Example : – consider that you download a new app on your smartphone, you are often asked to agree to a privacy policy. This policy will detail what information the app is going to collect and how it will be used. It is up to you to decide if you agree to the terms or not.
Security
It is mainly focusing on protecting your personal information gathered from any danger or threat. This means protecting from unauthorized access of data, often involving protection against hackers or cyber criminals for potential breaches or leaks. In a digital world , This is called Cyber Security.
Different business and apps store information about peoples such as Name, Address, Email, Phone Number, Bank details, birthdate, e.t.c. This could let data to be vulnerable to cybercriminals for the purposes of identity theft.
To create a reliable security, companies use different tools and method. Some of the tools and techniques are the following
- Firewall
- Network Limittation
- User Authentication
- Security Software
- Internal Security Measures with advance technology
Note : – Security can exist without privacy, but the reverse is not true
CIA
CIA – Stand for confidentiality, Integrity, and availability
- Confidentiality. : – It is mainly involve the efforts of an organization to make sure data is kept secret or private. This could be implemented by preventing people without proper authorization from accessing assets important to your business.
- Integrate : – The data’s collected are trustworthy and free from tampering. The integrity of your data is maintained only if the data is authentic, accurate, and reliable. To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. For websites, you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website. Let us consider a scenario for integrty
- Let’s say, You have a. website which is presenting a new product to customer. This information needs to have integrity. If it is inaccurate, those visiting the website for information may feel your organization is not trustworthy. Someone with the intension of hurting the company can hack the website and change the content of the website.
- Availability : – Refers that systems, networks, and applications must be functioning as they should and when they should. Also, individuals with access to specific information must be able to consume it when they need to, and getting to the data should not take much time. Companies use different method to achieve availability or use Backups and full disaster recovery plans also to regain availability soon after a negative event.
- By Using redundant networks, servers, and applications
- By staying on top of upgrades to software packages and security systems . This could help you to tackle a relatively new threat to infiltrate your system
SSO – Single Sign On
This is an authentication procedure that will make a user to login to postman using the same credential information like user name and password. This could facilitate and provide solution to avoid and remember using different username and/or password to access different application.