Computer Notes

Header Right

Home » Management » System Concepts » The 4R Model of Information Security

The 4R Model of Information Security

By Dinesh Thakur

The ISO/IEC 27001 definition of information defines information as an ‘asset’. Therefore, information is something that has value and requires to be protected against theft or destruction. In order to protect information from theft or destruction, all counter measures that are taken come under the purview of Information security measures. Information security is therefore defined as all steps taken by the organization to protect its information and information systems. The steps may be technical or managerial in nature and may involve automation or manual controls.

At the core of the concept of information security lies the concept of 4R which are

  1. Right information-means that information has to be accurate and complete
  2. Right people-means that information is available to the people who are authorized to receive it.
  3. Right time-means information must be available to the authorized individual on demand.
  4. Right format/form-means that information must be given in a format that makes some meaning. It has to be given in a format that makes decision-making easier.

                            The 4R Model of lnformation Security

If information has to be protected, the 4Rs must be applied properly, information and its value must be well understood and the threats to it must be analyzed in detail. Only then, can counter measures be taken to ensure that there is no deviation from the principles of the 4R, i.e., information confidentiality is maintained, information integrity is guaranteed, availability to authorized personnel is ensured on demand and the integrity of the formats of information storage and delivery are not tampered with.

However, there are risks to information assets. While some risks may be eliminated, some risks can only be minimized. Such risks are to be managed properly to ensure smooth functioning of the information infrastructure. From a security perspective, risks are potential issues and have to be understood carefully in order to come up with security counter measures that would minimize or eliminate the risk.

Risk may be defined by the formula as:

Risk =ƒ (Information asset value, threats, vulnerabilities)

As one can see, risk to an information system can be defined as a function of the asset value of the information, the threat to the information and its vulnerabilities. Risk can therefore be managed if we are able to manage the asset value, the threat to it and its vulnerabilities.

The risk management alternatives therefore are:

  1. Risk reduction.
  2. Risk acceptance.
  3. Risk transference.
  4. Risk avoidance.




You’ll also like:

  1. What is Network Security? Explain Basic Requirements of Network Security.
  2. Business Value of Information in Management Information Systems
  3. what is the difference between information systems and information technology
  4. Network Security – What is Network Security Threats?
  5. What is Information Technology? Explain Difference Between Data and Information
Like/Subscribe us for latest updates     
About Dinesh Thakur
Dinesh ThakurDinesh Thakur holds an B.C.A, MCDBA, MCSD certifications. Dinesh authors the hugely popular Computer Notes blog. Where he writes how-to guides around Computer fundamental , computer software, Computer programming, and web apps.

Dinesh Thakur is a Freelance Writer who helps different clients from all over the globe. Dinesh has written over 500+ blogs, 30+ eBooks, and 10000+ Posts for all types of clients.


For any type of query or something that you think is missing, please feel free to Contact us.