Come children and listen to this story.
Once there was a kingdom. All kingdoms have something that makes them special. Some have a fair princess, other brave knights, or others are cursed by an evil witch. What made this kingdom special, was the amount of information it had about the world in it’s huge library. And not just about the world, but of all the people that lived or even visited this place.
And as in all stories, something bad must happen. Some people say that knowledge is power, and maybe that’s the reason why bad things started happening in the kingdom. Sometimes it were small things that were annoying, like not finding information; it being in use or reserved always or simply not there because it was taken for long periods of time. Some other times the information was overwritten, making people believe things that were not true and causing confusion. And sometimes, the information was made to extorsion or hurt them.
Trying to act quickly to prevent the chaos, the king called forward three knights to protect information: Cooney, Inbern and Avery. The first knight, would safeguard the personal information of the kingdom’s citizen’s and the travelers, so it wouldn’t be used with bad purposes again, by making only authorized people able to look at this info. The second, Inbern, was assigned to check and protect the books in the way that no one without the ones with the permissions to do so could change their content. And last but not least, Avery was assigned to make public data available, managing it and preventing it’s loss.
I think that’s enouh story for today, though we might see this guardians in some other story another day.
Now, bringing them to reality, in the “kingdom” called the Internet, this “knights” would be the CIA triad. And no, they are not this CIA:
But this one:
It’s basic concepts are the following:
C– Confidentiality: assurance of data privacy and protection of data against unauthorized disclosure. This data are things like credit cards, employee records and those kind of personal and business information. (Imagine if a hacker got acces to this kind of data! Oh the damage he could do!)
Leaks are not always evident, so actions must be taken to ensure Confidentiality, like for example using authentications like usernames/passwords and pins, and controlling which users can access what. Another defense for confidentiality is encryption (something I already talked about with some classmates in this el machetero blog post ).
I – Integrity: it means protecting data from unauthorized modification. Safe from unauthorized changes. Data becomes compromised when it is altered or destroyed either malliciously or accidentally.
A – Availability: It means ensuring data and services are available to authorized users when needed.The attack it may suffer is the denial of service attack, something we will talk about in a future post, bu some ways to protect availability is by monitoring attacks and keeping systems current and upgraded, and backup data regularly and store it in offsite location.
This three are the basic concepts of computing security, so I think it was a great place to start. I should mention that it isn’t entirely neccesary that everything on the internet on things like appa should provide the thee of them (though might be preferable, and probably don’t).
So this is all for today, Audray out!
Information taken from tutorials at Lynda