Availability in Information Security
Prerequisite – Information Security
Availability is one of the three basic functions of security management that are present in all systems. Availability is the assertion that a computer system is available or accessible by an authorized user whenever it is needed. Systems have high order of availability to ensures that the system operates as expected when needed. Availability provides building of fault tolerance system in the products. It also ensures the backup processing by including hot and cold sites in the disaster recovery planning.
There are mainly two threats to availability of the system which are as follows:
1. Denial of Service 2. Loss of Data Processing Capabilities
The above two facets of availability are explained as following below:
1. Denial of Service:
Denial of Service specifies to actions that lock up computing services in a way that the authorized users is unable to use the system whenever needed. Availability is also blocked in case, if a security office unintentionally locks up an access control of database during the routine maintenance of the system thus for a period of time authorized users are block to access. In the computer systems, internet worm overloaded about 10% of the system on the network, causing them to be non responsive to the need of users is an example of denial of service.
2. Loss of Data Processing Capabilities:
The loss of data processing capabilities are generally caused by the natural disasters or human actions is perhaps more common. Contingency planning is the measure to counter such type of losses, which helps in minimizing the time for that a data processing capability remains unavailable. Contingency planning provides an alternative means of processing which involves business resumption planning, alternative site processing or simply disaster recovery planning thereby ensures data availability.
Security aspects of Availability:
Generally, three basic issues are aspects of security initiatives that are used to address availability, they are:
- Physical issues:
The physical issues includes access controls that prevent unauthorized persons from coming into contact with computing resources, various fire and water control mechanisms, hot and cold sites for use in alternative site processing, and backup storage facilities.
- Technical issues:
Technical issues includes the fault-tolerance mechanisms, electronic vaulting (automatically backup to a secure location) and access control software to restrict unauthorized users from disrupting services. Fault tolerance mechanisms involves hardware redundancy, disk mirroring and application checkpoint restart.
- Administrative issues:
The issues comes in the administrative aspect of availability are access control policies, operating procedures, contingency planning and user training. Proper training of operators, programmers and security personnel can help avoid many computing stages that leads to the loss of availability.