
CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [25]


Meeting the goal of confidentiality means preventing or minimizing unauthorized access to, and disclosure of, data and information. In many instances, laws and regulations require that specific information be kept confidential. For example, Social Security records, payroll and employee records, medical records, and corporate information are high-value assets. This information could create liability issues or embarrassment if it fell into the wrong hands. Over the last few years, there have been a number of cases in which bank account and credit card numbers were published on the Internet. The costs of these types of breaches of confidentiality far exceed the actual losses from the misuse of this information.

Confidentiality entails ensuring that data expected to remain private is seen only by those who should see it. Confidentiality is implemented through authentication and access controls.

If you address confidentiality issues early in the design phase, the steps that must be taken to minimize this exposure will become clear.

Integrity

Meeting the goal of integrity involves making sure that the data being worked with is the correct data. Information integrity is critical to a secure topology. Organizations work with and make decisions using the data they have available. If this information isn’t accurate or is tampered with by an unauthorized person, the consequences can be devastating.

Take the case of a school district that lost all the payroll and employment records for the employees in the district. When the problem was discovered, the school district had no choice but to send out applications and forms to all the employees, asking them how long they had worked in the school district and how much they were paid. Integrity was jeopardized because the data was vulnerable and then lost.

You can think of integrity as the level of confidence you have that the data is what it’s supposed to be—untampered with and unchanged. Authentic, complete, and trustworthy are often used to describe integrity in terms of data.

Availability

To meet the goal of availability, you must protect data and prevent its loss. Data that can’t be accessed is of little value. If a mishap or attack brings down a key server or database, that information won’t be available to the people who need it. This can cause havoc in an organization. Your job is to provide maximum availability to your users while ensuring integrity and confidentiality. The hardest part of this process is determining the balance you must maintain between these three aspects to provide acceptable security for the organization’s information and resources.

Real World Scenario

Compute Availability

Availability is often expressed in terms of uptime. High availability strives for 99.9999% uptime over the course of the year (24 hours a day, 7 days a week, 365 days a year). For this exercise, compute how long data wouldn’t be available over the course of a year at each of the following availability percentages. For example, with 98% uptime there is 2% downtime, and 2% of the 525,600 minutes in a year means the data would be down for 10,512 minutes, or 7⅓ days! Try your math on the following:

1. 99%

2. 99.9%

3. 99.99%

4. 99.999%

5. 99.9999%

The increments may seem small, but over the course of a year, they represent a significant difference in the amount of time data is and isn’t available. Answers: (1.) 5,256 minutes, which is over 87 hours and 3.5 days; (2.) 525 minutes, or a little less than 9 hours; (3.) 52.56 minutes; (4.) 5.25 minutes; (5.) About half a minute.
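As an added example (not part of the study guide), the following Python computes the annual downtime budget for each uptime percentage in the exercise, renders it as days/hours/minutes/seconds, and checks a constructed list of observed outages against the budget; the function names and the outage figures are my own.

```python
from decimal import Decimal
from typing import Iterable

# The exercise uses a non-leap year: 24 * 60 * 365 = 525,600 minutes.
MINUTES_PER_YEAR = Decimal(24 * 60 * 365)


def downtime_minutes(uptime_pct) -> Decimal:
    """Minutes per year a service may be unavailable at the given uptime percentage.

    Decimal (not float) is used so that 99.9% yields exactly 525.6, not 525.5999...
    """
    uptime = Decimal(str(uptime_pct))
    if not Decimal(0) <= uptime <= Decimal(100):
        raise ValueError("uptime percentage must be between 0 and 100")
    return (Decimal(100) - uptime) / Decimal(100) * MINUTES_PER_YEAR


def human_duration(minutes) -> str:
    """Render a minute count as days/hours/minutes/seconds, rounded to whole seconds."""
    total_seconds = int((Decimal(str(minutes)) * 60).to_integral_value())
    sign = "-" if total_seconds < 0 else ""  # a blown budget shows as a negative duration
    days, rem = divmod(abs(total_seconds), 86400)
    hours, rem = divmod(rem, 3600)
    mins, secs = divmod(rem, 60)
    return f"{sign}{days}d {hours}h {mins}m {secs}s"


def remaining_budget_minutes(uptime_pct, outage_minutes: Iterable) -> Decimal:
    """Annual downtime budget left after the listed outages; negative means the target is already missed."""
    spent = sum((Decimal(str(o)) for o in outage_minutes), Decimal(0))
    return downtime_minutes(uptime_pct) - spent


if __name__ == "__main__":
    for pct in ("98", "99", "99.9", "99.99", "99.999", "99.9999"):
        budget = downtime_minutes(pct)
        print(f"{pct:>8}% uptime -> {budget:>10} min/year ({human_duration(budget)})")
    # Constructed outage log: two incidents of 120 and 300 minutes against a 99.9% target.
    left = remaining_budget_minutes("99.9", [120, 300])
    print(f"99.9% target after 420 min of outages: {left} min left ({human_duration(left)})")
```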

The key to availability is that the data must be available when it’s needed and accessible by those who need it.

Accountability

The final and often overlooked goal of design concerns accountability. Many of the resources used by an organization are shared between departments and individuals. If an error or incident occurs, who is responsible for fixing it? Who determines whether information is correct?

It’s a good idea to be clear about who owns the data or is
