E-Commerce

University of the People

Term 4, Unit 7, 2018

After referring to Chapter 3 of Information Security for Non-Technical Managers, discuss the

three main areas of accountability regarding information security. When discussing each area,

provide an example from outside the textbook.

We are living in a world where information is free. Everybody can access almost any subject

on the internet, just typing in Google search few words. We are subscribing to websites

without paying attention to the Terms and Conditions and our private data is sold to interested

companies.

This became a big issue on the world wide web and recently, important measures are taken to

protect individuals private information.

It is important to restrict the information that is private. Confidentiality is at risk and this

results in identity theft, credit card stolen and even worse.

The three main areas of accountability regarding information security are confidentiality,

integrity, governance.

Confidentiality

Confidentiality is basically referring to restricting access to private information. The tactics

adopted to increase confidentiality are designed to “prevent sensitive information from

reaching the wrong people while making sure that the right people can get

it.” (techtarget.com, 2018).

This is very important because information is power and in the wrong hands, it can harm

people. High confidential measures are taken and also improved to protect personal
information, bank accounts, credit cards and other private documents. If someone wants to

keep a secret, even if it is stored somewhere online, that person should have this option.

The data that is categorized as confidential is classified by the risk and the damage that could

result if it’s leaking into the wrong hands.

Examples

• One way to protect the date is through encryption. Encryption implies that only some

people who have a “key” can read encrypted information. This is one of the most common

measures adopted today. (blogoverflow.com, 2012).

• Another example of increasing confidentiality is the two-steps authentication. In the last

years, more and more websites ask for this type of authentication, ensuring the

minimization of online theft.

• Another example is security tokens. Many banks adopted this measure. The token has a

private username and code and in order to use it, the user has to generate a password that is

active for only five minutes. If the user inserts the username and the code wrong for three

times, the token will be blocked.

• Another measurement that I encourage is protecting the devices we use. If, for example, a

Mac user will activate the device from a different IP, he will receive a message on the

iPhone asking if he authorized this action.

Integrity

The integrity of information “refers to protecting information from being modified by

unauthorized parties” ((blogoverflow.com, 2012). The information has to be correct to be

valuable and the integrity is supposed to maintain the accuracy of information and
trustworthiness if the data. People hired to protect the integrity and confidentiality of the data

have to be very vigilant and spot the hackers and their attempt to steal the info in the incipient

phase.

Examples

• If the information is altered from the original, it could return in money loss. If someone

tries to send funds and the name of the receiver is altered in the process, the initial user will

lose the funds and probably the bank will lose the customer for poor measurements

regarding the integrity of data.

• Cryptography is a good example of measurements of protecting the integrity of

information.

Governance

Governance refers to the responsibilities and practices of the board and executive

management, seeking to achieve the objectives by ensuring confidentiality and integrity.

These measurements have to be transparent and communicated to the IT department very

clear.

Examples

• Set direction and strategy to describe the risk profile

• Set priorities

• Get assurance from both internal and external shareholders

• Be sure that the management invests in security programs

References:

Bourgeois, D. T., & B. (2014, February 28). Retrieved from https://bus206.pressbooks.com/

chapter/chapter-6-information-systems-security/

Read "Computers at Risk: Safe Computing in the Information Age" at NAP.edu. (n.d.).

Retrieved from https://www.nap.edu/read/1581/chapter/4#55

What is confidentiality, integrity, and availability (CIA triad)? - Definition from WhatIs.com.

(n.d.). Retrieved from https://whatis.techtarget.com/definition/Confidentiality-integrity-and-

availability-CIA

Confidentiality, Integrity, Availability: The three components of the CIA Triad. (n.d.).

Retrieved from https://security.blogoverflow.com/2012/08/confidentiality-integrity-

availability-the-three-components-of-the-cia-triad/

Information security governance: Guidance for boards of directors and executive

management. (2006). Rolling Meadows. Ill.: IT Governance Institute.