Friday, June 21, 2013

The CIA of Information Security

In information security, CIA is a popular acronym that describes the three objectives of information security: confidentiality, integrity, and availability. There should also be a balance between them. Confidentiality is the objective of keeping the user's information private. The user could be a customer, client, patient, etc. Sometimes confidentiality is required by law, such as HIPAA for the medical field, and sometimes it is a matter of being ethical and following best practice. As information security becomes more of a concern for the average user, companies need to consider protecting their clients' information as part of their corporate social responsibility initiative.

Integrity means that the information remains intact. Whether it's done intentionally or accidentally, providing stakeholders with incorrect information may have a huge impact on the bottom line of a business. Corporations may have to pay fines to the SEC for misstatements; they may lose investors because of reduced confidence. Inaccurate information also increases information risk, in which decision makers make decisions based on inaccurate information. Information security strives to ensure the accuracy of the data that people rely on to make decisions. As an example, think of a medical doctor verifying the patient and the surgical operation that is to be performed. You could imagine the type of error that could happen if the medical information system inaccurately displayed a patient with the wrong operating procedure. Another example is bank account information being mixed up.
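The surgical-order scenario above is a good place to show what an integrity control actually does. The following is an added example (not code from the original post): it attaches an HMAC-SHA256 tag to a constructed patient record and refuses a record whose tag no longer matches. The key, record fields and `sign_record`/`verify_record` names are assumptions for illustration only.

```python
import hashlib
import hmac
import json

# Hypothetical shared key. In a real system it would come from a secrets
# manager or HSM, never from source code.
KEY = b"example-integrity-key"


def sign_record(record: dict, key: bytes = KEY) -> str:
    """Return an HMAC-SHA256 tag over a canonical serialization of the record.

    sort_keys and fixed separators make the serialization deterministic, so the
    same record always yields the same tag regardless of dict insertion order.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes = KEY) -> bool:
    """Recompute the tag and compare it in constant time to the stored one."""
    return hmac.compare_digest(sign_record(record, key), tag)


# Constructed sample: the kind of surgical order the post imagines.
ORDER = {"patient_id": "P-0001", "procedure": "appendectomy", "surgeon": "Dr. Lee"}


def demo() -> tuple:
    """Show that the original record verifies and a modified one does not."""
    tag = sign_record(ORDER)                      # stored alongside the record
    ok_original = verify_record(ORDER, tag)       # True
    tampered = dict(ORDER, procedure="knee replacement")
    ok_tampered = verify_record(tampered, tag)    # False: tag no longer matches
    return ok_original, ok_tampered


if __name__ == "__main__":
    print(demo())
```

A plain hash (no key) would catch the accidental case, such as a corrupted disk block, but not the intentional one, because whoever altered the record could simply recompute the hash. Keying the tag means that an attacker without the key cannot produce a valid tag for the changed record, which is why HMAC rather than a bare digest is the usual choice when both kinds of integrity failure matter.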

Availability ensures that the information is there when users of the system need it. Some companies would lose millions if their online store website were down for a few hours. Denial of Service (DoS) is one type of attack that focuses on making systems unavailable to users. Additional backup servers are needed as part of a company's disaster recovery plan or contingency plan.

When you think of securing a system, think of the security principles CIA: confidentiality, integrity, and availability.

