Triforce of Security (Mastery 2)

--Originally published at Mental Droppings of a Tired Student

 

Information Security has three main goals: Integrity, Availability and Confidentiality, a triforce of security, if you will.


Let’s talk about each of these for a bit:

Integrity

Data integrity refers to the accuracy and consistency of data over its life-cycle. Integrity is a key component of the security trinity, since corrupted data is of little use to enterprises. Moreover, the loss of sensitive data could be lethal for a company, which is why data integrity is such a big deal. Corporations go to great lengths to safeguard their data and information. Additionally, enterprise security solutions are a real asset companies often focus on.

Data loss Hades it seems…

Let’s see how exactly data can be compromised… what is data’s worst nightmare? Each time data is replicated or transferred, it should remain unaltered between stages. Error checking methods and validation procedures are typically relied on to confirm that data which has been transferred or reproduced has not been altered along the way.


Some error checking procedures are absolutely mind-blowing: ECC, checksums, parity bits, it’s all very arcane and mathematical. The type of thing that somehow works but leaves you wondering how someone would even think of such a strange yet effective solution. I’m convinced whoever came up with this probably made a deal with the devil to acquire that level of genius. I’m talking about you, Hamming.

I mean look at him, it’s obvious he has a dark secret. Even that black cat looks terrified.
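
To make the parity bit and Hamming ideas above concrete, here is an added example (not part of the original post) that runs a constructed 4-bit message through an even-parity check and a Hamming(7,4) code. The function names and the sample message are assumptions made for the illustration.

```python
# Added example: even parity vs. Hamming(7,4) on a constructed 4-bit message.

def parity_bit(bits):
    """Even-parity bit: XOR of all the bits."""
    p = 0
    for b in bits:
        p ^= b
    return p

def parity_ok(word):
    """word = data bits + parity bit; it is consistent if the XOR is 0."""
    return parity_bit(word) == 0

def flip(bits, *positions):
    """Simulate transfer errors: flip the bits at 1-based positions."""
    out = list(bits)
    for pos in positions:
        out[pos - 1] ^= 1
    return out

def hamming74_encode(data):
    """4 data bits -> 7-bit codeword laid out as p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = data
    p1 = d1 ^ d2 ^ d4  # checks positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4  # checks positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4  # checks positions 4, 5, 6, 7
    return [p1, p2, d1, p3, d2, d3, d4]

def hamming74_decode(code):
    """Return (data, syndrome); a non-zero syndrome is the position fixed."""
    c = list(code)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    syndrome = s1 + 2 * s2 + 4 * s3
    if syndrome:
        c[syndrome - 1] ^= 1  # flip the bit the syndrome points at
    return [c[2], c[4], c[5], c[6]], syndrome

if __name__ == "__main__":
    msg = [1, 0, 1, 1]  # constructed sample data
    word = msg + [parity_bit(msg)]
    print("parity, 1 flip detected:", not parity_ok(flip(word, 2)))
    print("parity, 2 flips detected:", not parity_ok(flip(word, 2, 4)))
    code = hamming74_encode(msg)
    print("hamming, 1 flip:", hamming74_decode(flip(code, 5)))
    print("hamming, 2 flips:", hamming74_decode(flip(code, 5, 6)))
```

A single flipped bit is located and corrected, but two flips slip past the parity bit and are "corrected" by Hamming(7,4) into the wrong data. None of these codes stops deliberate tampering either, since anyone altering the data can recompute the check bits.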

Anyway! Data integrity can be compromised in many ways, making data integrity practices an important component of effective enterprise security protocols. That’s right, you can be the MVP at your job just for being more mindful of security risks. Not a lot of engineers seem to consider this; they tend to worry about functionality.

Internet of things *cough*

Data integrity may be compromised through:

  • Human error, whether malicious or unintentional.
  • Transfer errors, including unintended alterations or data compromise during transfer from one device to another.
  • Bugs, viruses/malware, hacking, and other cyber threats.
  • Compromised hardware, such as a device or disk crash.
  • Physical compromise to devices.

Availability

For any information system to serve its purpose, the information must be available when it is needed. There is no use in having bulletproof data integrity if the data itself is difficult to access. In other words, the computing systems used to store, protect and process the information, and the communication channels used to access it, must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.

An example of this could be Oracle’s Database and a product used within the database dubbed ASM. One of the key mechanisms developed within ASM is the ability for the database to be completely functional and available even if a diskgroup is down or an update is occurring within the database.

Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down.

Online 5v5 arena game League of Legends suffered a series of DoS attacks back in 2014

Here is a nifty video explaining DoS attacks.

Confidentiality

This one is pretty much self-explanatory: how to keep your information safe from prying eyes has been a true art form since the beginning of time. In information security, confidentiality “is the property, that information is not made available or disclosed to unauthorised individuals, entities, or processes”. You don’t say…


All jokes aside, information security is serious business, so much so that as of the fourth quarter of 2015, quarterly revenue generated by RSA Security, the subsidiary company of EMC that specializes in information security products and services, came to approximately 258 million U.S. dollars. Not only is money involved, but also matters of national security.


As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyberwarfare attacks, yet at the same time has very significant capabilities in both defense and power projection thanks to its advanced technology and large military budget.

Hence, as of 2006, the United States deemed it necessary to create a Cyber Command that centralizes the command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. It is an armed forces sub-unified command subordinate to United States Strategic Command.

So dear reader, these are the three valiant goddesses of information security. Respect them, worship them and cherish them.