by The Open University
Available in 39 free installments
Owner:
To preserve the value of an information asset, an organisation needs to sustain simultaneously its scarcity and its shareability within their respective regions. This is the critical high-level information security goal for any information asset; it is the entire rationale of an information security management system.
To maintain the security of an information asset, an organisation must:
either make the information asset unavailable in its scarcity region, i.e. make it confidential to the shareability region;
or damage or disable the information asset before allowing it into the scarcity region, i.e. undermine the integrity of the asset. The damage or disablement must be such that the original information asset retains most, or all, of its value to the organisation.
At the same time, to ensure that an information asset maintains its value, an organisation must:
ensure that the information asset is available within the shareability region;
maintain the integrity of the information asset within the shareability region.
Most authors accept that confidentiality, integrity and availability are the most important information security requirements ? requirements rather than goals, because they can, in principle, be controlled directly by an organisation. Because of this, they form the basis of most modern approaches to information security management, including that of the British Standard on Information Security Management, which provides good definitions of all three terms. The definitions appear in Reading 1, ‘What is information security??, at the start of the Introduction to Part 1 of the Standard.
Information security management is therefore concerned with ensuring an information asset's confidentiality, availability and integrity; and breaches in information security can be defined as a reduction in one or more of these three features. Thus, breaches of an information asset's security requirements have occurred when:
the confidentiality of the information asset is reduced by it being disclosed outside its shareability region;
the integrity of the information asset is harmed by it being corrupted or damaged inside its shareability region;
the integrity of the information asset is preserved after it has crossed from the shareability to the scarcity region;
the availability of the information asset is reduced inside its shareability region.
In addition, the availability of an information asset can be reduced by:
the destruction or loss of the information asset, the hardware it resides upon, or the software that interacts with it;
the interruption, for a period of time, of access to the information asset.
The security requirements of an information asset may change over time, as may its value to an organisation. Consider this simple example relating to the confidentiality of an information asset. Suppose you have information that a company is soon due to make an announcement that will cause its stock price to rise or fall. The fact that one could make a killing on the stock market with such information makes it very valuable, and so subject to the highest levels of confidentiality. However, after the official announcement, the information loses its value, and so the requirement of confidentiality is no longer an issue. Insider dealing, which includes the inappropriate release of such information, is a criminal offence under the Criminal Justice Act 1993. Similarly, time can affect the security requirements regarding availability and integrity: the need for an information asset to be available will be greater at some times than others, as will the need for its integrity.
(a) Explain how the goals of shareability and scarcity for an information asset can be achieved in terms of the security requirements of confidentiality, integrity and availability.
(b) Do you think these three security requirements apply to non-information assets?
(c) Choose an example of an information asset valuable to your organisation. To which of the three security requirements is it subject?
(d) Assess how the security requirements for the information asset you chose change overtime.
(e) What are the possible results of a breach of the security requirements of an information asset?
(a) To meet the shareability goal, the information asset should be available and have full integrity within its shareability region.
To meet the scarcity goal, the information asset should be kept confidential within its shareability region or, if the information asset must be made available within its scarcity region, the integrity of the asset should be destroyed or reduced as it is moved into its scarcity region.
(b) These are requirements specific to information assets, so they do not apply to non-information assets. You may like to discuss the security requirements for non-information assets with other learners, using the unit forum.
(c) For Open University Tutor Notes, our assessment is as follows.
If the Tutor Notes were disclosed to students, they would no longer serve their purpose, and so their value would be reduced. Therefore Tutor Notes are subject to the confidentiality requirement.
If the Tutor Notes were corrupted, this would interfere with the marking of students' work, and so their value would be reduced. Therefore Tutor Notes are subject to the integrity requirement.
If the Tutor Notes were unavailable to tutors, then they would have no value in students' assessment. Therefore Tutor Notes are subject to the availability requirement.
You may have found that your information asset was similar, or subject to only one or two information security requirements.
(d) As a different example, we consider a scenario close to all students' hearts. When teaching and assessment of an OU course is complete, an Examination Board meets to consider the marks for each and every student. The marks are presented in the form of a number of computer-generated tables, along with detailed statistical analyses to help the Board interpret the results of individual students and those of the whole cohort.
Availability is particularly sensitive to timing. If the cohort marks were unavailable for only one hour, say, this would probably have no appreciable adverse affect. However, if they were not available for a day or a week, this would create considerable problems for the Board members, who would have to rearrange appointments to attend a rescheduled Board; and there would probably be knock-on effects on other boards, though students would be unlikely to experience any impact at all. However, total loss of the data would be an altogether different matter: students would need to be reassessed and the reputation of the Open University could be seriously undermined.
Lack of integrity of the data would have a particularly damaging effect if it only came to light after results letters were sent to students. If the Board's procedures detected the problem, the impact would be comparable to a delay in availability.
A breach of confidentiality before the official announcement of results could severely damage the reputation of the OU. If the breach related to an identifiable student, the OU might reasonably expect legal action.
(e) The possible results of a breach of information security are a reduction in confidentiality, a reduction in integrity and/or a reduction in availability.
Original Copyright © 2007 The Open University. Now made available within the Creative Commons framework under the CC Attribution – Non-commercial licence (see http://creativecommons.org/by-nc-sa/2.0/uk/).
