Before starting to learn any theory or applications of computer security, it is important to build a strong foundation in the basic principles of security. To understand why systems and algorithms are designed the way they are, we must understand the core principles that are used to develop them.
The typical definition of computer security introduces a concept known as the CIA Triad, which is a method of representing the three main goals of security.
Confidentiality, integrity, and availability are the cornerstones of computer security. Any system or algorithm designed in the field will typically have one or more of these three objectives in mind. So, what exactly do these terms mean? Let’s dive in and find out!
Confidentiality can be split into two main areas of focus:
- Data confidentiality: Assures that any private or sensitive information is not made available to unauthorized people.
- Privacy: Assures that each person is able to control or influence what information about them is collected and stored, as well as who it is disclosed to.
Modern applications and web pages have started to collect information about us at increasing rates. As this continues, the concept of confidentiality becomes increasingly important. If a user is willing to provide us with sensitive information, we need to be willing to secure and protect their information.
A good way to think about confidentiality is medical records in a doctor’s office. These records contain private information about a patient, and they can be read by the doctor who is currently helping the patient. Due to the sensitivity of the information, the doctor will make sure the records are not shared or read by anyone else who is unauthorized, as the information could potentially be used in unintended ways.
When thinking of privacy, the key idea is being transparent about how we choose to use someone’s information. A user should always be able to easily understand how their data is being used, and shouldn’t need to look hard to find this information. Doing this will keep data secure, and keep users happy!
Like confidentiality, we typically split integrity into two main concepts:
- Data integrity: Assures that data is changed in a specified and authorized way.
- System integrity: Assures that a system performs its intended function without interference.
Integrity is how we make sure a user is able to trust the data and systems they use. If integrity is not maintained, a user might be misled by false information, which could cause them to act in a way that is detrimental to them.
Take our medical record example: a doctor reading medical records should be able to trust the accuracy of the information. If someone were to tamper with the records, it could cause mistreatment of the patient. A similar idea applies to system integrity. A medical professional may use many tools to treat a patient. If these tools were modified in some unauthorized way, they may not work as intended and could cause harm.
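The medical-record scenario above can be sketched in code. This is an added example, not part of the original article: reads are limited to authorized users (confidentiality), and each record carries an HMAC tag so a change made outside the authorized write path is detected (data integrity). HMAC is one common way to do this; the `RecordStore` class, the key, the user names and the record are all constructed for illustration, and the key is assumed to be stored where someone able to alter records cannot read it.

```python
import hashlib
import hmac
import json
# Constructed values for this example: key, user names and record are assumptions.
INTEGRITY_KEY = b"constructed-demo-key"
READERS = {"dr_lee"}   # confidentiality: who may read a record
EDITORS = {"dr_lee"}   # data integrity: who may change a record

def tag(record):
    """HMAC-SHA256 over a canonical JSON encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, payload, hashlib.sha256).hexdigest()

class RecordStore:
    def __init__(self):
        self.rows = {}  # patient_id -> (record, integrity tag)

    def write(self, user, patient_id, record):
        if user not in EDITORS:
            raise PermissionError(f"{user} may not change records")
        self.rows[patient_id] = (dict(record), tag(record))

    def read(self, user, patient_id):
        if user not in READERS:
            raise PermissionError(f"{user} may not read records")
        record, stored_tag = self.rows[patient_id]
        # A mismatch means the data changed outside write(); refuse to return it.
        if not hmac.compare_digest(stored_tag, tag(record)):
            raise ValueError("record failed integrity check")
        return dict(record)

def demo():
    store = RecordStore()
    store.write("dr_lee", "p-001", {"allergy": "penicillin", "dose_mg": 50})
    results = {"authorized_read": store.read("dr_lee", "p-001")}
    try:
        store.read("visitor", "p-001")
    except PermissionError:
        results["unauthorized_read"] = "denied"
    # Simulate tampering with storage directly, bypassing write().
    store.rows["p-001"][0]["allergy"] = "none"
    try:
        store.read("dr_lee", "p-001")
    except ValueError:
        results["tampered_read"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```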
Availability is the final goal of security that we will discuss in this article. It ensures that a user is able to access systems and data that they require in a timely fashion. If a user is not able to do this, it could impede or even stop progress on a task.
Drawing another comparison to medical records, if a doctor is unable to access medical records for any reason, they lose valuable information such as previous treatments and reactions to medication. If this happens, it is possible for treatment to become less effective, or even harmful.
Secure software design can often be a complex concept. Remembering these foundations will help you relate complicated concepts back to their core functionality. By applying these foundations, the development and understanding of computer security are well within reach for any developer!