Can we work in pairs of three?

--Originally published at Don't Trust Humans, Trust Computers

Many good things in life come in threes, for example: movies, triplets, video game sagas, three cakes, or even the three episodes per season of Sherlock. When it comes to cyber security topics there are also good threes, like the CIA (not to be confused with a certain agency in the USA). I am talking about Confidentiality, Integrity and Availability. These are some of the most important subjects to take into consideration when you are involved in cyber security. But you may be asking, what are these concepts? Basically, we use these three concepts as a model that helps us identify whether we have a secure system or not.


First, let’s start with confidentiality. This concept is about keeping information hidden from unauthorized people. It is a very important concept because it is about keeping our information “safe and sound”. We don’t want any other person but us to see the information we have in a system. There are many ways this concept can be applied. One way we can apply it as users is by having a strong password. Creating a complicated password that is only known by the user respects the confidentiality concept. On the other side, encryption is a common method systems use to respect the confidentiality aspect.

The second aspect is integrity. Integrity consists of keeping the data consistent and accurate and avoiding data corruption. The goal here is that the data doesn’t suffer unwanted changes: the information in the system remains the same unless the user changes it, or another system changes it and the user is aware that the data will be changed. There are some methods to make sure integrity is fulfilled. One of them is version control, to see all the changes the data has gone through in a certain period of time. A second one is user access control, so that only certain users can create, modify or delete data in a system.
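The two integrity methods above, user access control and a version history, shown together as an added Python example that is not part of the original post. The class and user names are hypothetical and the data is constructed; the hash chain used to detect edits made outside the store goes beyond what the text describes.

```python
import hashlib
import json

class VersionedStore:
    def __init__(self, writers):
        self.writers = set(writers)  # users allowed to create, modify or delete
        self.history = []            # append-only list of versions

    @staticmethod
    def _digest(entry, prev):
        # Each version's digest covers its content and the previous digest.
        body = json.dumps(entry, sort_keys=True) + prev
        return hashlib.sha256(body.encode()).hexdigest()

    def write(self, user, key, value):
        # User access control: refuse changes from anyone without write rights.
        if user not in self.writers:
            raise PermissionError(f"{user} may not modify {key}")
        prev = self.history[-1]["digest"] if self.history else ""
        entry = {"n": len(self.history), "user": user, "key": key, "value": value}
        self.history.append({**entry, "digest": self._digest(entry, prev)})

    def changes(self, key):
        # Version control: every change to a key, in order, with its author.
        return [(v["n"], v["user"], v["value"]) for v in self.history if v["key"] == key]

    def verify(self):
        # Return the number of the first altered version, or None if intact.
        prev = ""
        for v in self.history:
            entry = {k: v[k] for k in ("n", "user", "key", "value")}
            if v["digest"] != self._digest(entry, prev):
                return v["n"]
            prev = v["digest"]
        return None

def demo():
    # Constructed sample data: one authorized writer, one unauthorized user.
    store = VersionedStore(writers={"alice"})
    store.write("alice", "balance", 100)
    store.write("alice", "balance", 80)
    try:
        store.write("mallory", "balance", 0)
        blocked = False
    except PermissionError:
        blocked = True
    log, before = store.changes("balance"), store.verify()
    store.history[0]["value"] = 999  # edit made behind the store's back
    return blocked, log, before, store.verify()
```

Calling `demo()` shows the unauthorized write being refused, the ordered change log for the key, and the altered version being flagged once the history is edited directly.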

The third and last concept is availability. When we talk about availability, we mean that the information we have in a system will always be accessible to an authorized user, no matter what. Here it is very important that both the hardware and the software are working perfectly, because if something happens to one of them the availability concept may not be guaranteed. A way of keeping availability in a system could be having an effective recovery system, so if something happens the data can be fully recovered.

If a system broke any of the concepts explained above, then we can surely say that no one will trust that system ever. For example, let's see what would happen if any of the concepts is violated. If confidentiality is missing, then any person could have access to your data and see all your private information. If integrity is missing, all your information will be different every single time. You would not rely on the information in that system, because you would know that it is corrupted data. And lastly availability: what if you couldn’t get access to your data quickly and effectively? Imagine you are at a meeting and want the information that is in a system, but you can’t access it because there are some errors inside the system denying you access to it.

All these concepts are very important, but we need to keep in mind that they are concepts regarding the protection of the data in a system. When creating a system we need to take these concepts into consideration, but also others covering other aspects, so we can have a “fully” secure system.

Stay safe

A.C.

