Confidentiality is the protection of information in the system so that an unauthorized person cannot access it. This type of protection is most important in military and government organizations that need to keep plans and capabilities secret from enemies. However, it can also be useful to businesses that need to protect their proprietary trade secrets from competitors or prevent unauthorized persons from accessing the company’s sensitive information (e.g., legal, personal, or medical information). Privacy issues have gained an increasing amount of attention in the past few years, place the importance of confidentiality on protecting personal information maintained in automated systems by both government agencies and private-sector organizations. Confidentiality must be well defined, and procedures for maintaining confidentiality must be carefully implemented.
A crucial aspect of confidentiality is user identification and authentication. Positive identification of each system user is essential in order to ensure the effectiveness of policies that specify who is allowed access to which data items.
Threats to Confidentiality:
Confidentiality can be compromised in several ways. The following are some of the commonly encountered threats to information confidentiality –
- Unauthorized user activity
- Unprotected downloaded files
- Local area networks (LANs)
- Trojan Horses
Confidentiality models are used to describe what actions must be taken to ensure the confidentiality of information. These models can specify how security tools are used to achieve the desired level of confidentiality. The most commonly used model for describing the enforcement of confidentiality is the Bell-LaPadula model.
- In this model the relationship between objects (i.e, the files, records, programs and equipment that contain or receive information) and subjects (i.e, the person, processes, or devices that cause the information to flow between the objects).
- The relationships are described in terms of the subject’s assigned level of access or privilege and the object’s level of sensitivity. In military terms, these would be described as the security clearance of the subject and security classification of the object.
Another type of model that is commonly used is Access control model.
- It organizes the system into objects (i.e, resources being acted on), subjects (i.e, the person or program doing the action), and operations (i.e, the process of interaction).
- A set of rules specifies which operation can be performed on a object by which subject.
- Difference between Information Security and Network Security
- Difference between Cyber Security and Information Security
- Principal of Information System Security : Security System Development Life Cycle
- What is Information Security?
- Need Of Information Security
- Information System and Security
- Information Security | Integrity
- Threats to Information Security
- Vulnerabilities in Information Security
- Availability in Information Security
- Top 5 Information Security Breaches
- Digital Forensics in Information Security
- Approaches to Information Security Implementation
- Risk Management for Information Security | Set-1
- Information Security and Cyber Laws
- Message Digest in Information security
- Information Security and Computer Forensics
- Risk Management for Information Security | Set-2
- Principle of Information System Security
- Principal of Information System Security : History
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.