CompSec: The Other CIA

Computers are essentially the means to data storage and processing. In that sense, data has value. Never mind theories about money and store of value; data is its own kind of thing. The whole business of computers and networking is all about the data. Included with data is the value of the software it takes to handle the data. We secure both, and it is often impossible to separate them in practice. What protects one protects the other.

In their book, Cybersecurity and Cyberwar: What Everyone Needs to Know, Singer and Friedman discuss another kind of CIA than the US government spying agency: Confidentiality, Integrity and Availability of data (pp. 34-36). This is in answer to the common question of just what it is that we are protecting with computer security.

Confidentiality: While the book doesn’t address it quite this way, the primary good moral motive here is keeping the workload down. Too many people in this world are ignorant about all manner of things, including what is good and right. Further, too many of them would object to your idea of what is in yours and everyone’s best interest. So if certain aspects of your private business become known as connected to you, there is some risk you’ll face a thousand senseless questions and some mistaken if well-meaning interference. On top of this, you also have to deal with a host of folks who are actively opposed to your interests, and perhaps everyone else’s best interest. It doesn’t matter why. Keeping things confidential is a very good way of avoiding all the hassles from folks who really have no business in your business and won’t stay out of it.

Integrity: Can you trust the information? Is it what you intended it should be when you recorded it? Never mind the accuracy of your sources or input; people are the weakest link here. What matters is whether you will find what you ought to find when you go back to the data. It’s not just whether it has been altered, but whether the changes are proper, traceable and detectable.

Availability: Closely related is whether you can actually access the data when you go back to it. Inherent in this is the question of whether it can be moved to where it needs to go. If you can’t transmit it, the value is decreased dramatically.

The authors go on to describe the common threats to computer security and how they are often perceived. Cybersecurity and Cyberwar: What Everyone Needs to Know, by P.W. Singer and Allan Friedman; Oxford University Press 2014. ISBN: 978-0-19-991811-9 (paperback).

I note that for most of my computer ministry clients, this is far less about data storage and more about use and confidentiality. It’s not that data doesn’t matter. While most folks have a handful of documents and pictures, maybe some music they’ve ripped or downloaded, they don’t call me about lost files. It’s much more a matter of privacy and keeping malware away. They suffer far more from loss of control over their computers than almost any other issue. The threat they seldom understand is the data other people create and keep about them because they don’t have a clue about how confidentiality works online. Most people aren’t willing to learn how to protect their privacy, and if they did learn, would be unwilling to act on it much.

Addenda: The two authors are entirely too willing to repeat government lies on some of the issues they mention. I’m sure they know better, but I’m also sure their income depends on parroting the official story of the US government. If you decided to read this book, keep your salt shaker handy.

This entry was posted in Uncategorized and tagged , , , , , , . Bookmark the permalink.