Information Security - Lexicon (1/3)

"Information, knowledge, wisdom are terms for human acquirements through reading, study, and practical experience", as defined at www.dictionary.com. In today's ever-connected, 'information-enabled' cyber world, a new paradigm of human acquirement from 'data' may be appended to that definition.

"Security" may be considered "the quality or state of being free from danger".

By quoting these generic definitions, I intend to make clear that information is not limited to transactions on computers and electronic hardware. Every experience we have in life is 'information'. We exchange information continuously, and it is essential for taking decisions. 'Informed' decisions lead to success, and 'uninformed' or 'mal-informed' decisions generally lead to failure. Therefore all of us, the whole of humanity, are information security practitioners on a daily basis!

To cite a few relatable examples: 'gossip' is the human method of information leakage; trying to keep a third person from knowing what happens within a family is information security; and keeping the TV switched off during the children's exams may be considered a kind of DoS (Denial of Service) attack, since we are denying the children the availability of the TV, an information source!

A few foundational concepts around 'information' are:

  • Information is 'derived' from data/ datapoints.
  • Information can be used, and is necessary, to make decisions.
  • The person 'originating' the information is its 'owner'.
  • The owner decides who is authorised to know the information.

In my next few articles, I intend to present frequently used cyber-security jargon through relatable daily-life experiences, for a better understanding by individuals who are uninitiated but interested in the field of information security. I hope it will help many understand the basic concepts and encourage them to explore further.

To begin with, let me take the terms associated with the commonly discussed "CIA Triad", viz. 'Confidentiality', 'Integrity' and 'Availability'.

CIA Triad

CONFIDENTIALITY : "Protection of information from unauthorised disclosure".

  • Unauthorised: decided by the owner; someone whom the owner thinks should not know the information.
  • Examples: keeping your land papers in a bank locker; writing your own will and communicating it only to the intended individuals; safeguarding the location of critical weapons from enemy nations.

INTEGRITY : "Whole/ complete/ uncorrupted". The piece of information has remained as it was created.

  • The information as disseminated by the owner has not changed, whether intentionally or unintentionally.
  • Example: Father tells son on the phone, "Mother has gone to the market by car". The son hears, "Mother has gone to the market". The information received by the son is incomplete (an unintentional loss). The son tells his sister, "Mother has gone to the temple". The information received by the daughter is changed (an alteration, deliberate or not). In both cases the integrity of the information has been compromised.

AVAILABILITY : Information is available to those who are authorised or intended to have it, when it is required, in a format (language) understandable by the authorised user.

  • There should be no obstruction to information access for authorised users.
  • Examples: The railway timetable is made available to the general public whenever they need it. Information about the positioning of our own armed forces is always available to the Chief of the Armed Forces (the authorised user); keeping that same information from the general public is a matter of confidentiality rather than availability. Obstructions to availability may be created by disrupting communication mechanisms such as telephone, postal service and mobile networks.
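To see the integrity definition above in working form, here is an added example (written for this edit, not part of the original article) using the father's phone message. It models the two failure modes from the example: the truncated message (accidental loss) and the altered message (a relay changing the text). Two mechanisms are compared: an unkeyed SHA-256 hash, which catches the accident but can simply be recomputed by whoever alters the text, and an HMAC with a shared key, which the relay cannot recompute without the key. The shared key and the "relay" that alters the message are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample messages, taken from the article's phone-call example.
ORIGINAL = "Mother has gone to the market by Car"
TRUNCATED = "Mother has gone to the market"   # incomplete: the son did not hear the end
ALTERED = "Mother has gone to the temple"     # changed: what the son told his sister

# Hypothetical secret shared by father and daughter (an assumption for the demo).
SHARED_KEY = b"family-secret-key"


def plain_digest(message: str) -> str:
    """Unkeyed SHA-256. Catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def mac_tag(message: str, key: bytes) -> str:
    """HMAC-SHA256 over the message. Recomputing it requires the key."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_mac(message: str, received_tag: str, key: bytes) -> bool:
    """Constant-time comparison, so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(mac_tag(message, key), received_tag)


def relay_alters(recompute) -> tuple:
    """Model the son relaying a changed message and recomputing whatever check he can.

    `recompute` is what the relay is able to compute for the new text: an unkeyed
    hash he can always recompute; an HMAC only with a key, and he does not hold
    the real one.
    """
    return ALTERED, recompute(ALTERED)


def integrity_checks() -> dict:
    """Run the truncation and alteration cases against both mechanisms."""
    sent_digest = plain_digest(ORIGINAL)
    sent_tag = mac_tag(ORIGINAL, SHARED_KEY)

    # 1. Accidental corruption (the truncated message): both mechanisms catch it,
    #    because the text the receiver holds no longer matches what was checked.
    truncated_caught_by_hash = plain_digest(TRUNCATED) != sent_digest
    truncated_caught_by_mac = not verify_mac(TRUNCATED, sent_tag, SHARED_KEY)

    # 2. Deliberate alteration where the relay recomputes the unkeyed hash:
    #    the daughter's check passes even though the text changed.
    msg, digest = relay_alters(plain_digest)
    altered_fools_plain_hash = plain_digest(msg) == digest

    # 3. Same alteration against the HMAC: the relay can only tag with a guessed
    #    key, so verification with the real key fails.
    msg, forged_tag = relay_alters(lambda m: mac_tag(m, b"guessed-key"))
    altered_caught_by_mac = not verify_mac(msg, forged_tag, SHARED_KEY)

    return {
        "original_verifies": verify_mac(ORIGINAL, sent_tag, SHARED_KEY),
        "truncated_caught_by_hash": truncated_caught_by_hash,
        "truncated_caught_by_mac": truncated_caught_by_mac,
        "altered_fools_plain_hash": altered_fools_plain_hash,
        "altered_caught_by_mac": altered_caught_by_mac,
    }


if __name__ == "__main__":
    for name, result in integrity_checks().items():
        print(f"{name}: {result}")
```

The point for a practitioner is the distinction in the integrity bullet between unintentional and intentional change: a checksum or hash is enough for the former, but protecting against a party who deliberately rewrites the message requires a key that party does not hold (a MAC, or a digital signature when the receiver should not be able to forge either).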

I hope the examples elucidated above are easy to comprehend and make the concept behind these key terms clear. Please add similar examples in the comments, and do let me know any suggestions for improvement or any particular terms you would like to see explained!

Next up: Threat, Risk and Vulnerability



Cdr Sanjeev Singh (Retd)

CISO and Data Protection Officer at Birlasoft

2 years ago

Good one Saurabh. Very easy to relate examples.

Kumar Harshit Singh

Location Head(BGSW), Cybersecurity Practice Head, EU Horizon Projects Lead, CISSP, Mgr.

2 years ago

Good start, Sir... would like to know your views on Defence in Depth.

Antony Mathew

Security Auditor @ CBA || Ex-Military || OSCP || GSEC || CompTIA Sec+ || ISMS LA

2 years ago

Short and sweet read sir

Vivek Prakash Yudh Seva Medal, PMP

L&T Head Combat System, IIM Mumbai||Strategic & Operations || Ex- Submarine Captain||Data Analytics|| AI&ML||Project Management||

2 years ago

Aptly summarised

Tushar Prakash

Product Management | Salesforce Leader | Fintech Evangelist | MBA

2 years ago

Very insightful! Indeed infosec is a critical part of software development and needs to be involved at the very beginning. Thank you Cdr Saurabh Prakash Gupta


More articles by Saurabh Prakash Gupta

  • Information Security - Lexicon (3/3)

    Governance and Legal Terms: Security enforcement in modern society is tightly dependent on the governance and legal…

  • Information Security - Lexicon (2/3)

    Risk - Threat - Vulnerability: This article will try and simplify the understanding of three key inter-related terms…
