Posted by: psilva | May 28, 2009

CIA of Security


A few recent blog posts, including my own, have attempted to address the encryption conundrum.  My original post talked about how you probably do not necessarily need encryption everywhere (including internal LAN); but have the ability to apply encryption anywhere there’s a potential risk/threat when sensitive data is being transmitted.  Granular access control all within the context.  Today Lori MacVittie posted an interesting article talking about some of the challenges of deploying encryption on the internal LAN as a follow up to a Network World article discussing encrypting all internal PCI traffic.

Encryption, however, is only one part of Information Security.  The hallmarks of Information Security are Confidentiality, Integrity and Authenticity (some also say Availability).  Encryption falls into the Confidentiality category – making sure that the information being transmitted stays private.  Integrity means that the message itself hasn’t been altered in any way during the communication.  Things like hashes and message digest ensure the communication stays intact.  And Authenticity &/or Availability.   Authenticity is the verification process that ensures all participants ‘are who they say they are’ and the guarantee that all parties are real.  Authenticity is usually achieved with the use of digital certificates.  Availability of the data, sort of speaks for itself  🙂

There are many opinions & challenges when considering end-to-end encryption & I wasn’t necessarily commenting on the blogs mentioned but they did get me thinking about the basic pillars of Information Security.

ps

Related articles:

Reblog this post [with Zemanta]
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: