
Information security - Where it all began!!!

mahithachunduri

Updated: Sep 9, 2021

Way back I watched a movie about a museum robbery, though I do not remember it clearly. In a particular scene where money was being discussed, the protagonist says, looking at some gold coins in a museum, "This is where it all started". Somehow it ignited the zeal to know the roots of everything, and I wanted to use the same dialogue in real life someday.

Fast forward, I got into information security and started digging into its roots: when did we, technologically advanced people, realize the importance of protecting what's ours? My research indicated that it started with Y2K.


Yes!!! "This is where it all started"


Most of the computer programs were written in the 1960s, and engineers used only the last two digits of the year in the date format. When the calendar started approaching the millennium, users started noticing the flaw in systems. The financial sector happened to be the first industry to report it, as interest rates and amounts are date dependent. Soon power plants followed suit, as radiation levels and water pressure are maintained date-wise. It went on to affect every sector that depended on computers, right from local transportation to missile launches. Software and hardware vendors raced against time to fix this problem. Though the fix was a simple date format expansion to four digits, it did open doors to a whole new field: "System availability".

We realized the importance of system availability, which later became one of the core pillars of information security. If we have a functional information system available when needed, it marks the first victory of a good information security process/practice.

Every time we read or hear something, the first thought is "is it true?" We are checking the integrity of the information we just got. The same goes for information systems.

This is called ensuring "Integrity"

Information that an information system receives/creates, processes, sends/stores must remain the way it is intended to be and in the format as designed. Any deviation from this expectation is considered an integrity breach, and the information is no longer valid.

How many times did you say "Please don't share this news with everyone"? You wanted to keep the news confidential. This is applicable to information systems too.

This is called maintaining "Confidentiality"

Information systems must be capable of restricting visibility and access strictly on a need-to-know basis. If users are able to access or modify something in the system which they are not supposed to, it is a breach.




Availability | Integrity | Confidentiality

Three pillars of information security

These three domains have equal importance in maintaining a secure information system and a successful business.


Big burning question!!!

How do we know what to protect?

Well, it depends!!!!!!

Contrary to popular opinion, information security is not just about safeguarding the data residing somewhere in servers. It definitely does not end at having a password.


