Confidentiality, Integrity or Availability?

Confidentiality, Integrity or Availability

One of the key first things you learn in information security is about the CIA triad (or AIC, for our friends across the pond). It is the foundation of any security system. Security experts drill us with these three concepts. I’ve recently heard discussion between InfoSec practitioners, wonderings which of the three is most important. Are there industries or situations where a secure system will need one of two of them more than the others?

Confidentiality. Ensuring that data is available only to those authorized to access it. (You don’t want anyone who logs into www.yourbank.com to be able to see all your financial information.)

Integrity. Ensuring that the data is always accurate. Not only does the data need to be true to life, but the system can’t arbitrarily change data. It must always pass from one accurate state to another equally accurate state. (You surely want to ensure www.yourbank.com doesn’t start misreporting your account balance… well, unless it’s misreporting upwards.)

Availability. The system need to be up. This means that whatever your system’s SLA (service level agreement) is, you will meet it. (Ensuring that when you log onto www.yourbank.com to pay your credit card at the last minute, the site is up and working.)

As you scope a system’s requirements you’ll need to determine what the needs are for each of these areas. Questions like:

·         Who is allowed to see this data? How big of a deal is it if someone unauthorized gets access?

·         How important is the accuracy of this data? What would be the ramification if something got changed inappropriately?

·         How much does this system need to be up? How badly is the organization hurt if we have downtime outside our scheduled windows?

Let’s run through a quick use-case.

Fictitious Internet maps/directions website: robbsmaps.com. When I first started considering this type of site I assumed it would need perfect Integrity and Availability, but none around Confidentiality. Let’s walk through the process.

a.       Confidentiality. All mapping functionality should be available to anyone who can access the website. What about backend functionality? Should all get to view the logs from admin access to the site? Clearly we don’t want just anyone to get access to all our system logs, and especially not access to our username/password repository.

b.      Integrity. If your maps aren’t accurate you don’t have a very good solution, right? Except, just last night I was using a map application and it showed that no road exists right where I was driving. The site had not received new maps showing the newly built road. Yet, that mapping site is wildly successful. The point that those running the site have learned is that there is no ROI in chasing after perfect map integrity. They can afford to be right only almost all of the time.

c.       Availability. How much do we need to be online to be successful? 100% sure sounds good. But how do we accomplish that without quadrupling our network costs. Is it worth that kind of expense to go from 99.99% uptime to 99.9999%?

I think the tendency after looking through these requirements would be to conclude that Integrity and Availability are the most important, and Confidentiality is less important (though maybe a bit more important than we thought before going through the requirements exercise). But that’s missing the point. The Confidentiality requirement is no less important than the other two. If someone were to manage to circumvent our authentication measures and read all our backend data our Integrity and Availability would both be compromised. With that sensitive backend data they could easily perform an attack that would either alter our mapping data or completely take down our server.

In geometry you cannot remove one of the sides of a triangle and still have a triangle. In the same way, if you remove any of the three aspects of the CIA triad you no longer are building a secure system. Without any of the three pillars the other two are ruined.

Regardless of how you draw your triangle, it will always have three sides. All three are equally worthless without the other two.

Part two of CIA coming soon.

Connect with

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s