In the security field, best practices always fall within what is referred to as the AIC (or CIA) Triad. AIC stands for availability, integrity, and confidentiality; the idea being that every security action taken is in response to at least one of these three areas. Availability refers to the reliability of information and the ability to access it in a timely manner. It is generally ensured through the utilization of backup devices. Once the availability of the information has been established, it is necessary to focus on its integrity. This deals with the assurance of the accuracy and reliability of the information the user is receiving. This is done by preventing unauthorized modifications through strict access controls, intrusion detection, and hashing methods. The third piece of the triad is the confidentiality of information. In other words, important data needs to be unavailable to unauthorized individuals. This can be achieved through encrypting data, network traffic padding, strict access controls, data classification, and proper personnel training.
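As an added illustration of two of the mechanisms named above (this code is not part of the original post), the block below pads each record to a fixed block size, so that the protected record's length does not reveal the length of the data inside it, and attaches a keyed hash (HMAC-SHA256) so that any unauthorized modification is detected. The key matters: a plain, unkeyed hash stored beside the data could simply be recomputed by whoever altered the data. The function names, the 256-byte pad block and the constructed sample key are assumptions; encryption itself is omitted so that the example runs with only the Python standard library.

```python
import hmac
import hashlib
import secrets
import struct
from typing import Optional

PAD_BLOCK = 256  # assumption: records are padded up to a multiple of this many bytes
TAG_LEN = 32     # length of an HMAC-SHA256 tag


def pad_to_block(data: bytes, block: int = PAD_BLOCK) -> bytes:
    """Prefix the true length, then pad with random bytes to a block boundary."""
    body = struct.pack(">I", len(data)) + data
    remainder = (-len(body)) % block
    return body + secrets.token_bytes(remainder)


def unpad(padded: bytes) -> bytes:
    """Recover the original data using the stored length prefix."""
    (length,) = struct.unpack(">I", padded[:4])
    return padded[4:4 + length]


def protect(data: bytes, key: bytes) -> bytes:
    """Return the padded record followed by its integrity tag."""
    padded = pad_to_block(data)
    tag = hmac.new(key, padded, hashlib.sha256).digest()
    return padded + tag


def verify_and_open(record: bytes, key: bytes) -> Optional[bytes]:
    """Return the original data, or None if the record fails the integrity check."""
    if len(record) < 4 + TAG_LEN:
        return None
    padded, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, padded, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return unpad(padded)


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample key
    record = protect(b"quarterly figures", key)
    print(len(record), verify_and_open(record, key))
    tampered = bytearray(record)
    tampered[4] ^= 0x01                      # flip one bit of the data
    print(verify_and_open(bytes(tampered), key))   # integrity failure -> None
```

Both a 5-byte and a 200-byte input produce a record of the same size, which is the point of the padding; a record altered by even a single bit, or checked with the wrong key, is rejected.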
When assessing whether or not to implement a solution to the issues in these areas, there are two important questions that need to be asked: "Does this solution carry out the required tasks?" and "How sure are we of the level of protection this solution provides?" These are generally referred to as functional requirements and assurance requirements, respectively. One practice to be avoided in light of these requirements is security through obscurity. This is a practice often adopted by uninformed and untrained individuals who believe that having a strange approach to their security method will prevent hackers from being able to crack their system. This is never an appropriate substitute for a properly implemented security program.