CIA Security?
Security practitioners can usually enumerate lists of properties that factor into security. When we're dealing with information security specifically, though, there are three issues that stand out for their clear agreement: confidentiality, integrity, and availability (CIA). Information can reasonably be called secure when these three properties are present.
- Confidentiality
- simply means that the information is known no more widely than necessary. If you tell some medical secret to your physician, there has been no breach of confidentiality, because the fact was needed by the physician to render the requested service. If, on the other hand, your physician then tells your secret to someone else not involved in your treatment, confidentiality would be breached.
- Integrity
- is the assurance that the information is untainted. Note that this does not deal with the accuracy of the information--it strictly means that the information put into the computer is the same as the information that comes back later.
- Availability
- means that when the information is needed, it is ready for use. To many, this might seem counter-intuitive. But consider, if an attacker wants to put your company out of business, wouldn't the ability to deny you access to your own information for a long enough time do the trick?
Understanding properties necessary for information security is important, but not enough. To achieve the desired security, implementation becomes necessary. Successful implementation in computer systems will require both policy and technology.