About the Author
Simon Biles is a founder of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK.
Confidentiality – this relates to the secrecy of the information in question. Confidentiality comes in many and varied shades – from things that you actively want everybody to know all the way through to things that you want nobody to know. These levels of secrecy relate to the “protective marking” of documents in Government departments. We are all familiar with the concept of “Top Secret”; the full set of markings is as follows: “NPM” (Not Protectively Marked – i.e. anyone can know), “Protect”, “Restricted”, “Confidential”, “Secret” and “Top Secret”. They are listed in a document called the Security Policy Framework (http://www.cabinetoffice.gov.uk/media/111428/spf.pdf), which is publicly available. Figuring out the required level of confidentiality for a given item of information is important – the higher the required confidentiality, the more expensive and difficult the process of securing it from others becomes – thus you only want to apply appropriate controls where necessary, rather than spending a fortune protecting something that is either of no consequence or that everyone already knows!
Integrity – this relates to the “quality” of the information. Is it the same as when it was entered? Has it been corrupted? Such corruption could be accidental or deliberate, but the effect, in either case, is that the information can no longer be used or trusted. It could be as simple as a wrong digit in a phone number, or as complex as accounting fraud, but both are compromises of integrity. Again, the effort made and cost expended in maintaining integrity should be proportional to the value and type of the information – a one-bit error in a JPEG library (which uses lossy compression anyway) may go completely unnoticed; a one-bit error in a bank account balance probably won’t...
Read more at http://www.forensicfocus.com/simon-biles