During the first day of class we started discussing about availabity, confidentiality and integrity as key elements of information security. Ken told us that these were three essential concepts that are going to be heavily discussed during the whole semester.

The Cambridge Dictionary defines security as "the protection of a person, building, organization, or country agaisnt threats". Another definition by the same dictionary is "the fact that something is not likely to fail or be lost". A third definition is "the group of people responsible for protecting a building". I bring the comment of this definitions because they can make us aware of three different things: there is a need to protect against threats, you need to assure that a system won't fail and that in security and there is people making sure that everything works as it should and that no potentital threats come close to the stuff they protect.

Availibality, integrity and confidentiality clearly relate to the definitions described above.

Availability refers to the fact that systems must be up and running. This is implemented on systems by having the capacity and performance tools to protect against threats and recover information in case of failure. These requires infraestructure and technicians that are able to protect in case of threats and to offer fast response when an attack or a fail occurs. Availibality relates to the definion that says "the protection of a person, building, organization, or country agaisnt threats".

Integrity means assuring the accuracy of data, one example for integrity is that messages can't be modified without detection. For this, the systems should be protected in a way that attackers can't compromise data integrity, also, the system should be protected against user mistakes and have privileges on the access of systems. You can assure integrity with data access Continue reading "ACI: My perspective." →