Helpful Models for Addressing Security Concerns
The Confidentiality, Integrity, Availability (CIA) Triad
Confidentiality is the ability to keep information from being obtained by those without authorization. For example, patient information stored by a hospital can be accessed by authorized doctors. But even a doctor can commit a confidentiality breach by looking up the patient records of a friend or family member out of curiosity.
Integrity is the ability to prevent data from being altered without permission. For this example, I’ll use a memory from high school. During a test, the professor walked out of the classroom for a few minutes. A student went to her desk to turn in the work. While he was there, he noticed the Excel spreadsheet on the professor’s computer screen. Luckily for him, it contained the assignment scores for the class. He quickly scrolled to find his name, changed a few numbers and helped himself to jump up a letter grade.
Availability refers to the accessibility of information to an authorized user. For example, an attacker can compromise a person’s account (whether it be an email account, a bank account login, or even a Windows account), change the password, and lock out the owner.
The Parkerian Hexad
Donn Parker builds on the better-known CIA Triad and adds three elements of his own: Possession, Authenticity, and Utility.
Possession refers to control of an actual physical device. For example, a thief may snatch someone’s laptop at a coffee shop, but that doesn’t mean that an attacker is blocking the owner from logging in to her own device (Availability).
Authenticity refers to information being correctly attributed to its proper owner. For example, a person can send an email to a recipient, but if the message is first intercepted by an attacker and altered before it reaches the recipient, a violation of authenticity occurs.
Utility refers to the usefulness of a compromised device. For example, a hard drive with encrypted data may be too difficult for an attacker to decipher, which makes the data unreadable and useless.