| Area | Abbr. | Pillar | # | |
| Information | C | Confidentiality | 1 | |
| I | data Integrity | 2 | ||
| A | Availability | 3 | ||
| Client-Information Interaction (Data Access) | Definition | A | Authorization | 4 |
| CID | information Classification / Identification / Dictionary | 5 | ||
| A | Authentication | 6 | ||
| RASTS | security Risk Assessment for the Services, Tools & Systems | 7 | ||
| Enforcement | A | Auditability | 8 | |
| Criminalization | A | Accountability | 9 | |
| NR | Non-repudiation | 10 | ||
Here is a brief description of the pillars:
| # | Pillar | Brief Description |
| 1. | Confidentiality | Only authorized client is allowed to access the information. Prevent un-authorized access. |
| 2. | Data Integrity | Ensure the accuracy and completeness of the data. |
| 3. | Availability | Guarantee that the information is accessible at any time to the authorized client. |
| 4. | Authorization | Define a set of data access rules with 5W1H details:
|
| 5. | CID | Classify the information into categories. Identify each piece of data with pre-defined formatting and layout specified in the data dictionary. |
| 6. | Authentication | Prove the true identity (not a fake) of the person, device, host, system and location. Prove the real/true time of data access activity. |
| 7. | RASTS | Perform security risk assessment for the services, hardware/software tools and systems which are used during the data access activities. |
| 8. | Auditability | Able to let an auditor to examine all the data access activities to check for authorized/illegal activities. |
| 9. | Accountability | Ensure that a person is accountable or responsible for the data access activities. |
| 10. | Non-repudiation | Ensure that the accountable person cannot deny for his/her activities. |
For easy to remember, I would like to call these 10 pillars as the Hydra of information security. Hydra is a multi-head (usually 9-head) serpentine water monster in Greek and Roman mythology. Although presently there are 10 pillars, maybe later additional pillar is needed in information security, just like the heads of Hydra.
Alvin SIU
2020-06-17
| Copyright/Licence Information: All information and coding in this article is offered at no charge for NON-COMMERCIAL PERSONAL USE only. This blog and the coding is copyright. Reproduction of this blog and its coding in whole or in part in paper or digitally or in any other forms without the explicit written permission of the author is strictly prohibited. |
| Disclaimer: All information in this article is distributed "as is" and is UNSUPPORTED. NO WARRANTY of any kind is expressed or implied. You use AT YOUR OWN RISK. The author will not be liable for any data loss, damages, and loss of profits or any other kind of tangible or intangible loss while using or misusing wholly or partly of the information. |
No comments:
Post a Comment