CIA Security?
Security practitioners can usually enumerate lists of
properties that factor into security. When we're
dealing with information security specifically,
though, three properties stand out for the clear
agreement on them: confidentiality, integrity, and
availability (CIA). Information can reasonably be
called secure when these three properties are present.
- Confidentiality simply means that the information is
  known no more widely than necessary. If you tell some
  medical secret to your physician, there has been no
  breach of confidentiality, because the fact was needed
  by the physician to render the requested service. If,
  on the other hand, your physician then tells your
  secret to someone else not involved in your treatment,
  confidentiality would be breached.
- Integrity is the assurance that the information is
  untainted. Note that this does not deal with the
  accuracy of the information--it strictly means that
  the information put into the computer is the same as
  the information that comes back later.
- Availability means that when the information is
  needed, it is ready for use. To many, this might seem
  counter-intuitive. But consider: if an attacker wants
  to put your company out of business, wouldn't the
  ability to deny you access to your own information for
  a long enough time do the trick?
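The integrity property above can be checked mechanically. The following Python sketch is an added example, not part of the original page: it tags a record with HMAC-SHA256 when it is stored and verifies the tag when it is read back, showing that an inaccurate record still passes while an altered one does not. The record contents, key handling and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

# Key held only by the party that verifies; generated here for the demo.
KEY = secrets.token_bytes(32)


def seal(record: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag to the record as it goes into storage."""
    return record + hmac.new(key, record, hashlib.sha256).digest()


def unseal(blob: bytes, key: bytes = KEY) -> bytes:
    """Return the record only if it is byte-for-byte what was sealed."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to carry a tag")
    record, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: record changed after sealing")
    return record


def is_intact(blob: bytes, key: bytes = KEY) -> bool:
    """True when the stored blob still verifies under the key."""
    try:
        unseal(blob, key)
        return True
    except ValueError:
        return False


# Constructed sample records.
accurate = seal(b"patient=1234;blood_type=O+")
inaccurate = seal(b"patient=1234;blood_type=ZZ")  # wrong fact, stored as entered

# The same stored blob with a single bit flipped after sealing.
_modified = bytearray(accurate)
_modified[20] ^= 0x01
tampered = bytes(_modified)

if __name__ == "__main__":
    print("accurate record intact:  ", is_intact(accurate))
    print("inaccurate record intact:", is_intact(inaccurate))
    print("tampered record intact:  ", is_intact(tampered))
```

The check says nothing about whether the stored fact is true, only that what comes back is what went in.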
Understanding the properties necessary for information
security is important, but not enough. To achieve the
desired security, implementation becomes necessary.
Successful implementation in computer systems will
require both policy and technology.