Cyber-Security: Handling Information Assets
Information assets
Valuable data is called ‘information assets’. Information such as full name, date of birth, address, social security number, passport number etc are 'valuable data'.
Online services such as banks and shops need to securely hold data and only allow the correct persons access to it for inspection or changing that information.
Security of online communications and services is improved by the use of ‘authentication’ and ‘non-repudiation’.
Authentication
If we receive a message, we need to be confident that it really came from the person it perports to come from. Before an online service allows a user to access their data it should take steps to verify that that person is the person who should have access to the data. It is necessary for the service to verify the identity of the user. This is known as authentication.
Non-Repudiation
Non-repudiation is about ensuring that users cannot deny knowledge of sending a message or performing some online activity at some later point in time. For example, in an online banking system the user cannot be allowed to claim that they didn’t send a payment to a recipient after the bank has transferred the funds to the recipient’s account.