Computer networks are inseparable from information technology. Users expect a network or system to provide safe and secure services, and such services are basically the users’ rights. For this reason, it is important for the providers of a computer network to conduct a confidentiality aspect analysis. The analysis serves to measure the level of secrecy.
Before discussing the confidentiality aspect in more depth and how to analyze it, it helps to explain the aspects of a good computer network or system. They are divided into several categories: authentication, integrity, authority, confidentiality, and privacy. What does each of them mean? Authentication concerns the receiver of the information: the receiver must be able to verify the originality of the message, that is, whether the information was given by the right person or not.
Integrity refers to the originality of a message sent via a certain network. The receiver must be able to make sure that the information has not been modified by people who have no right or authority to do so. The authority aspect is quite similar to the integrity aspect: it concerns the right of people with authority to give and modify the information. Next, the privacy aspect concerns private data that should not be leaked or disclosed to people who have no right to it.
Lastly, there is confidentiality, which is discussed further on this page. Confidentiality is basically an effort to keep information from others who don’t have the right to access it.
There are several methods for analyzing the confidentiality aspect. The most popular one is exploiting the security gap in one of the ports so that problems like data theft can be prevented. It is also important for further threat detection. So, what are the steps of a confidentiality aspect analysis? They are explained below.
Vulnerability analysis is the activity of analyzing a particular type of network. It is conducted to find out which parts of the system tend to be attacked and to identify the weaknesses of the system. This activity helps improve the security system from the beginning, so that security in the computer network is not only about countering attacks but also about preventing them.
A threat is often defined as the enemy of the computer network. In this context, however, threat also means the network analysis activity whose purpose is to learn about the possible threats or attacks coming from inside and outside. Some threats can be removed during this step.
First, there is destruction: efforts to damage systems in a network, including viruses and malware. Second, denial: efforts to paralyze a certain service in the network. Third, theft: attempts to steal sensitive and important information in the network. Fourth, modification: attempts to change important data within the network. Lastly, fraud: efforts to deceive a particular data system.
Impact is another analysis step. It refers to analyzing the impacts caused by attacks on the network. The impacts relate to the actions mentioned above: destruction, denial, theft, modification, and fraud.
Frequency, also an analysis step, means analyzing and recording how often attacks occur in a network over a certain period of time. For example, this step records how often a host is attacked by a virus or other threats.
After the items found during the steps above have been analyzed and recorded, the problems in the network should be easier to solve. The final results are used as a guide to improve the security system. This last step is known as countermeasure or reciprocation.
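The threat, impact and frequency steps above can be combined into a ranking that guides the countermeasure step. The following is an added example, not part of the original page: it counts constructed incident records per host and threat category within a time window and ranks them by frequency times impact. The record format, host names and impact weights are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# The five threat categories named in the threat step.
CATEGORIES = ("destruction", "denial", "theft", "modification", "fraud")

# Assumed impact weights (1 = low, 5 = high); a real analysis takes
# these from its own impact step.
IMPACT = {"destruction": 5, "denial": 3, "theft": 5, "modification": 4, "fraud": 2}

# Constructed incident records: "timestamp host category".
SAMPLE = """\
2024-03-01T08:15:00 host-a destruction
2024-03-01T09:40:00 host-b denial
2024-03-02T11:05:00 host-a destruction
2024-03-02T23:59:00 host-c theft
2024-03-03T02:30:00 host-b denial
2024-03-03T14:20:00 host-b denial
2024-03-09T10:00:00 host-a modification
2024-03-10T10:00:00 host-c bogus
"""

def parse(text):
    """Yield (time, host, category); skip malformed or unknown-category lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in CATEGORIES:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def frequency(text, start, end):
    """Frequency step: count incidents per (host, category) in [start, end)."""
    return Counter((h, c) for t, h, c in parse(text) if start <= t < end)

def prioritise(freq):
    """Rank (host, category) pairs by frequency x impact, highest first."""
    scored = [(n * IMPACT[c], h, c, n) for (h, c), n in freq.items()]
    return sorted(scored, key=lambda r: (-r[0], r[1], r[2]))

if __name__ == "__main__":
    week = frequency(SAMPLE, datetime(2024, 3, 1), datetime(2024, 3, 8))
    for score, host, cat, n in prioritise(week):
        print(f"{host:8} {cat:13} count={n} score={score}")
```

The pair at the top of the ranking is the first candidate for a countermeasure; records with an unknown category are dropped rather than counted.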
Supporting Information for Confidentiality Aspect Analysis
Of course, all the steps mentioned above cannot be done manually. They need some support to make the process run more smoothly. First of all, the threats mentioned above, including destruction, denial, and others, are further categorized into three types. The first is unauthorized access, carried out by those who don’t have authority. Second, the threat may be basically only a kind of misinformation. Third, the threat can also refer to the refusal of a service, because the system simply detects information as disturbing and considers it a threat.