Not so holy!

--Originally published at The shield of the world

Let's talk about the CIA... and no, this is not a post related to some Tom Clancy book or movie or whatever…


Yeah… CIA. We are talking about information security, and when we refer to CIA in information security we mean Confidentiality, Integrity and Availability, which are like the holy trinity.

And this is because all information security tries to achieve at least one of these three:

  • Protection of confidentiality of data
  • Preserve the integrity of data
  • Promote the availability of data for authorized use

And we are gonna talk a little bit more about each of these main goals in information security.

Confidentiality

We could say that confidentiality is like privacy… we need to protect the information from people who should not be reading, playing with, or doing anything with information that is not meant for them. But we also need to ensure that the right people can have access to this information. Access must be restricted, like at clubs when they choose who is going to enter and who is not. In larger companies, data is usually categorized according to the amount and type of damage that could be done if it falls into unintended hands.

Some methods to make the data available only to the right people are usernames and passwords, encryption and some biometric verification, such as reading the retina or a fingerprint. Also security tokens, key fobs or soft tokens. Keybase is a cool way of getting in touch with people and sharing information encrypted so that only they can decrypt and read it.


Integrity

This involves maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle… yeah, when you tell the teacher or anyone "look, I have not changed this file, look at the date, obviously I haven't changed it": yes, you can. So
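The "look at the date" argument is exactly why a timestamp is not integrity evidence. The following Python example is added here and is not part of the original post: it records a file's modification time and a keyed hash (HMAC-SHA256 under a key that only the verifier, say the teacher, holds; the key value is a constructed placeholder), edits the file, puts the timestamp back, and shows which of the two checks still notices the change.

```python
import hmac
import hashlib
import os
import tempfile

# Constructed example (not from the original post). The verifier holds this key;
# someone who only has the file cannot produce a valid tag for a modified version.
VERIFIER_KEY = b"placeholder-verifier-key-keep-this-secret"


def file_tag(path: str, key: bytes) -> str:
    """HMAC-SHA256 over the file contents, streamed in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def unchanged_by_mtime(path: str, recorded_mtime_ns: int) -> bool:
    """The 'look at the date' check: trusts the filesystem timestamp."""
    return os.stat(path).st_mtime_ns == recorded_mtime_ns


def unchanged_by_tag(path: str, key: bytes, recorded_tag: str) -> bool:
    """Integrity check: recompute the keyed hash and compare in constant time."""
    return hmac.compare_digest(file_tag(path, key), recorded_tag)


def demo() -> dict:
    """Record both checks on a file, edit it, restore the timestamp, re-check."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "homework.txt")
        with open(path, "wb") as f:
            f.write(b"Essay v1: submitted on time.\n")
        st = os.stat(path)
        recorded_mtime_ns = st.st_mtime_ns
        recorded_tag = file_tag(path, VERIFIER_KEY)
        before = unchanged_by_tag(path, VERIFIER_KEY, recorded_tag)
        # The file is edited after the fact ...
        with open(path, "wb") as f:
            f.write(b"Essay v2: rewritten after the deadline.\n")
        # ... and its modification time is set back to the recorded value,
        # which anyone with write access to the file can do.
        os.utime(path, ns=(st.st_atime_ns, recorded_mtime_ns))
        return {
            "tag_ok_before_edit": before,
            "mtime_says_unchanged": unchanged_by_mtime(path, recorded_mtime_ns),
            "tag_says_unchanged": unchanged_by_tag(path, VERIFIER_KEY, recorded_tag),
        }
```

Running `demo()` returns `{'tag_ok_before_edit': True, 'mtime_says_unchanged': True, 'tag_says_unchanged': False}`: the date check is fooled, the keyed hash is not.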


Measure this.

--Originally published at TC2027 – Blog will Tear us Apart

After a much needed password therapy, let's take on the general picture of what we are protecting. We may know some techniques, and we already know that we want to be safe, but how can we measure it?

[gif: Measure like it's hot]

Luckily for us, there are already some guidelines to measure how safe a system is. But before that, just like Rick Lehtinen stated in his book, Computer Security Basics:

No man, or computer is an island.

Nowadays everything you have is connected, even just to work properly and stay up to date, so don't start shouting out loud that you're not a potential target, because you definitely are.

So in order to measure safeness, we can stick to the core C-I-A three pillars concept, which states that in order to be safe, a system must guarantee:

  • Confidentiality
  • Integrity
  • Availability

Pretty straightforward, no? Let's tackle them one by one. Again, I'm talking user/client-side, so don't expect server-side practices.

Confidentiality

Here is where privacy is at play. As you may remember from my first post, security and privacy are not the same, and security is what makes privacy possible.

And that's precisely what confidentiality is all about: keeping what you want secret in secrecy and what you want public, public. You definitely want your bank accounts, passwords, chats, and perhaps some of your spicy pictures secret (which you shouldn't be sending to anyone, by the way); meanwhile you definitely want everyone to know your spoiler-free (I wish) Game of Thrones death-rant tweets.

How can my confidentiality be compromised?

Easy: there are some really simple steps by which anyone interested, without even having to be a hacker, can destroy your confidentiality. Here are some possible breaches.