--Originally published at Mental Droppings of a Tired Student
Information Security has three main goals: Integrity, Availability and Confidentiality, a triforce of security, if you will.
Let’s talk about each of these for a bit:
Integrity
Data integrity refers to the accuracy and consistency of data over its life-cycle. Integrity is a key component of the security trinity since corrupted data is of little use to enterprises. Moreover, losing sensitive data could be lethal for a company, which is why data integrity is such a big deal. Corporations go to great lengths to safeguard their data and information. Additionally, enterprise security solutions are a real asset companies often focus on.
Let’s see how exactly data can be compromised… what is data’s worst nightmare? Each time data is replicated or transferred, it should remain unaltered between stages. Error checking methods and validation procedures are typically relied on to ensure that data that is transferred or reproduced has not suffered alterations.
Some error checking procedures are absolutely mind blowing: ECC, checksums, parity bits, it’s all very arcane and mathematical. The type of thing that somehow works but leaves you wondering how someone would even think of such a strange yet effective solution. I’m convinced whoever came up with this probably made a deal with the devil to acquire that level of genius. I’m talking about you, Hamming.
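As an added example (not part of the original post), here is a Hamming(7,4) code in Python that repairs a single flipped bit. It goes one step beyond the text by putting an HMAC check next to it, because error-correcting codes only handle accidental corruption and will accept any deliberately rewritten codeword that is still valid. The function names and the demo key are made up for illustration.

```python
import hashlib
import hmac

def hamming74_encode(nibble):
    """Encode 4 data bits (0..15) as 7 bits: positions 1,2,4 hold parity, 3,5,6,7 hold data."""
    d = [(nibble >> i) & 1 for i in (3, 2, 1, 0)]
    p1 = d[0] ^ d[1] ^ d[3]  # checks positions 1,3,5,7
    p2 = d[0] ^ d[2] ^ d[3]  # checks positions 2,3,6,7
    p4 = d[1] ^ d[2] ^ d[3]  # checks positions 4,5,6,7
    return [p1, p2, d[0], p4, d[1], d[2], d[3]]

def hamming74_decode(code):
    """Return (nibble, syndrome). A non-zero syndrome is the position of the bit that was fixed."""
    bits = list(code)
    syndrome = 0
    for pos, bit in enumerate(bits, start=1):
        if bit:
            syndrome ^= pos  # XOR of the set positions is 0 for a valid codeword
    if syndrome:
        bits[syndrome - 1] ^= 1  # flip the offending bit back
    return (bits[2] << 3) | (bits[4] << 2) | (bits[5] << 1) | bits[6], syndrome

def make_tag(key, data):
    """Keyed integrity tag: cannot be recomputed without the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()

def tag_matches(key, data, tag):
    return hmac.compare_digest(make_tag(key, data), tag)

def demo():
    key = b"constructed-demo-key"            # constructed sample key, not a real secret
    sent = hamming74_encode(0b1011)
    tag = make_tag(key, bytes([0b1011]))     # sender tags the original value
    # Accidental corruption: one bit flips in transit (position 5).
    noisy = list(sent)
    noisy[4] ^= 1
    repaired, fixed_pos = hamming74_decode(noisy)
    # Deliberate modification: the codeword is replaced by another valid one.
    forged = hamming74_encode(0b0100)
    value, syndrome = hamming74_decode(forged)   # syndrome is 0, nothing looks wrong
    return repaired, fixed_pos, value, syndrome, tag_matches(key, bytes([value]), tag)

if __name__ == "__main__":
    print(demo())
```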
Anyway! Data integrity can be compromised in many ways, making data integrity practices an important component of effective enterprise security protocols. That’s right, you can be the MVP at your job just for being more mindful of security risks. Not a lot of engineers seem to consider this; they tend to worry about functionality.
Internet of things *cough*
Data integrity may be compromised through:
- Human error, whether malicious or unintentional.
- Transfer errors, including unintended alterations or data compromise during transfer from one device to another.
- Bugs, viruses/malware, hacking, and other cyber threats.
- Compromised hardware, such as a device or disk crash.
- Physical compromise to devices.
Availability
For any information system to serve its purpose, the information must be available when it is needed. There is no use in having bulletproof data integrity if the data itself is difficult to access. In other words, the computing systems used to store, protect and process the information, and the communication channels used to access it, must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.
An example of this could be Oracle’s Database and a product used within the database dubbed ASM. One of the key mechanisms developed within ASM is the ability for the database to be completely functional and available even if a diskgroup is down or an update is occurring within the database.
Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down.
Here is a nifty video explaining DoS attacks.
Confidentiality
This one is pretty much self-explanatory: how to keep your information safe from prying eyes has been a true art form since the beginning of time. In information security, confidentiality “is the property, that information is not made available or disclosed to unauthorised individuals, entities, or processes”. You don’t say…
All jokes aside, information security is serious business, so much so that as of the fourth quarter of 2015, quarterly revenue generated by RSA Security, the subsidiary company of EMC that specializes in information security products and services, came to approximately 258 million U.S. dollars. Not only is money involved, but also matters of national security.
As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyberwarfare attacks, yet at the same time has very significant capabilities in both defense and power projection thanks to its advanced technology and large military budget.
Hence, as of 2006, the United States deemed it necessary to create a Cyber Command that centralizes the command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. It is an armed forces sub-unified command subordinate to United States Strategic Command.
So, dear reader, these are the three valiant goddesses of information security. Respect them, worship them and cherish them.