Lab 2 -21072009-

Today’s lab is mainly about information technolory security. Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met.

Basically, the goals of information security are confidentiality, integrity and availability. Other thna that, information technology security are able to:-
• Provide strong network logon authentication.
• Decreased risk to operations and business. 
• Provide legitimate use of resources which ensuring that resources are from the original source.

NTFS, short for NT File System, is designed with local file security. It is one of the file system for Windows server 2003. NTFS has features to improve reliability, such as transaction logs to help recover from disk failures. To control access to files, user can set permissions for directories and individual files. NTFS files are not accessible from other operating systems such as DOS.

Data confidentiality can be defined as ensuring that information is accessible only to those authorized to have access. To ensure data confidentiality, one can set accesibilty to files and folder. In NTFS, user can assign permission to certain file or folder to prevent from intruder to access the files. By default, administrator has full control over all the file and folder which include Read and execute, List Folder Contents and Read. 

Data availablity refers to the degree to which data can be instantly accessed. Data availaibity is essential to ensure data continues to be available at a required level of performance. Secured
data that is inaccessible is considered downtime and detrimental to a business. An important notes to be known is that data that is secured too strongly might conflict with the availability . Means to reduce downtime and increase data availability are backups, clustering, load balancing and RAID. 

Data integrity can be defined as data that has not been tampered with intentionally or accidentally. In other term, data integrity means the reliability, validity and correctness of data. Data integrity can be damaged by viruses, worms, hackers and Trojan horses. Besides, data integrity can be threatened by environmental hazards such as dust, surges, and excessive heat. Disaster recovery plans, an equipment standards policy, system documentation and preventive maintenance might help to maintain data integrity.