Basics of computing security

Let's be clear. I am not an expert in computing security. Actually, I have never studied this before… BUT it is the subject I have been waiting for since I began my studies as a Software Engineer. And now, in my 7th semester, I am writing about it for my computer and information security class with Ken, a flipped-learning teacher, but, more importantly, I am writing about it to learn with you, whoever you are.

For this first entry I am talking about what are, according to Ken, the three key concepts in computing security, which together form the CIA of computer security: availability, confidentiality and integrity.

Let's start with confidentiality, maybe the simplest of the concepts to grasp and the easiest for me to explain. It is something we all know about computer security or, at least, it may be what we give the most importance to. You will understand better what I am talking about after Margaret Rouse's explanation: confidentiality is roughly equivalent to privacy. And privacy is a concept we all understand well because it is something that really matters to us. Maybe I am generalizing, but we all need our space, a space where we can keep our secrets and our thoughts without the fear that someone will find out. In my experience, I am a person who is very open with other people about my personal life, but I am actually living a second life that 99% of the people I know are not aware of, and that's because we humans can have privacy, a very secure one.

On the other hand, we have computers, smartphones and apps where we share all of our information on the internet, but that doesn't mean we don't want to keep secret things secret. That's why we have a password on our Facebook, Twitter and Instagram profiles; a passcode to unlock our computer, tablet or smartphone; that's why we only use messaging apps that make us feel that our private messages are kept private. That's what confidentiality in computer security is about: keeping our privacy private.

Now it's the turn of the A in CAI: Availability. This is about keeping the system working without problems all the time; that is, it must be, I know 🙄, available. But there is more to it than that. It is not easy to keep a system, again, available all the time. It is necessary to think about so many factors, from constantly maintaining the hardware and keeping the software updated to planning for a flood or fire. These kinds of events could cause all the data to be lost, all, forever. We don't want that.

To prevent this, it is very important to have a disaster recovery plan (DRP), as Margaret explains. This consists of being fast and adaptive in the face of a worst-case scenario. Earlier I was talking about natural disasters and fire because these may cause several problems. Interruptions in connections because of these events are very common. The solution to this is something we are used to, or should be used to: backups. We must keep in mind that something bad could happen to our computer and all of our information could be lost, so we back up all information (somewhere else) so we don't lose it. The same happens with servers where big, BIG amounts of information are stored: the people behind them back up the information not in a nearby place but in a geographically isolated location, perhaps even in a fireproof, waterproof safe. That's just an example of what availability implies. There are so many factors behind having a service available.

And finally, the I in ACI: Integrity. It is one of the aspects that people value most in other people. It is expected that someone such as a professor, a policeman or our president earns our trust through his or her integrity as a professional (not all the time… Mexico, US 👀). The same happens in the computer area: we trust in the integrity of our application, our software. What does this mean? It means we can trust that the information we are giving away shall not be modified in any way by an unauthorized user if that is not the system's purpose (the one we know).

There is something integrity has in common with availability, and this is the non-human factor. A server crash or an electromagnetic pulse, as Margaret explains, may cause some data to change. To deal with this we go back to backups. It is important to have constant backups of the information in the correct state so it can be accessed if an event like the previous ones occurs. These security measures are important for the user who wants someone or something he or she can trust to keep their information safe. Still, you shouldn't trust your most valuable information to the internet; my advice is the following:

[GIF: no-trust, from gurl]
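The integrity paragraph above relies on backups that hold the information "in the correct state". The following is an added example, not part of the original post, of one way to check that: record a SHA-256 hash of every file while the data is known to be good, detect files that later changed or disappeared, and restore them only from backup copies that still match the recorded hash. The file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Record the known-good state: relative path -> SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def find_damaged(root: Path, manifest: dict) -> list:
    """Return files that are missing or whose content no longer matches."""
    return [name for name, expected in manifest.items()
            if not (root / name).is_file() or sha256_file(root / name) != expected]

def restore(live: Path, backup: Path, manifest: dict) -> list:
    """Restore damaged files, but only from backup copies that still verify."""
    restored = []
    for name in find_damaged(live, manifest):
        source = backup / name
        if source.is_file() and sha256_file(source) == manifest[name]:
            (live / name).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(source, live / name)
            restored.append(name)
    return restored

def demo() -> tuple:
    """Constructed sample data: one file silently altered, one file deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "grades.csv").write_text("ana,95\nluis,88\n")
        (live / "notes.txt").write_text("semester 7\n")
        manifest = build_manifest(live)          # the state we trust
        shutil.copytree(live, backup)            # backup taken in that state
        (live / "grades.csv").write_text("ana,95\nluis,98\n")  # one digit changed
        (live / "notes.txt").unlink()            # file lost
        damaged = find_damaged(live, manifest)
        return damaged, restore(live, backup, manifest), find_damaged(live, manifest)
```

The manifest itself has to be stored where an unauthorized user cannot rewrite it, otherwise a modified file and a modified hash would still match.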

That's all for this entry. Remember the key factors in computer security in whatever order you prefer: CIA, CAI, ACI… for Confidentiality, Availability and Integrity, and apply this not only to your software or hardware; for a person, those are very important human values too.
