Information security

2 Information security

It’s safe to say that Coca-Cola would never share its secret recipe with anyone other than the chosen few. Facebook, too, are unlikely to share the information they have on their users with those that would advertise. Keeping that information secret keeps the value that it has inside their companies. Some information needs to be kept confidential.

Of course, if confidentiality was paramount, we could simply lock the recipe up in a safe and throw away the key. Even more drastic, we could just burn every last copy of it. But that would mean that Coca-Cola’s shareholders would lose interest in investing as the source of its ability to make money would have disappeared. So information has to be available when needed.

Moreover, when it is needed, it must be correct; otherwise, when you come to use it, you won’t end up with Coca-Cola. The information contained in it needs integrity – in the sense that it should be whole and undivided, i.e. correct.

There is sometimes a difficult balance to be struck between Confidentiality, Integrity and Availability – the CIA triad – of information. Information security is the art and science of getting that balance right.

Activity 4: CIA for your organisation’s information

Choose a piece of information whose value is critical for your organisation.

  • a. To which of the three security requirements is it subject? Why?
  • b. Thinking about each of confidentiality, integrity and availability in turn, how would you balance the CIA triad for it?

Discussion

We chose Open University assessment material, which contains information critical to the mission of The Open University in allowing us to validate a student’s study. Thus, it is critical to get the CIA triad correct.

  • a. Open University assessment material is subject to the following requirements:
    • They’re highly confidential. In the case of an examination paper, if it was disclosed to students before the exam date, it would lose its value.
    • They need to have integrity. Assessment with errors would cause problems for both students, who might be confused, and The Open University, as they would interfere with the marking of a student’s work.
    • They have to be available – in the right place at the right time. If, for instance, a course exam paper wasn’t available at an examination centre on the day of the exam it would again have no value.
  • b. Let’s think about an exam paper:
    • Confidentiality. The information in the exam paper needs to be kept confidential as it is (i) authored and checked and (ii) distributed to the exam centre. First, I need to know who can be trusted and who can’t. I’m going to assume that people who get paid by The Open University – for instance academics, external examiners etc. – can be trusted, but others can’t.

      The process of authoring and checking the exam paper could take many months, and in that time it might need to be shared by many people, both inside and outside of the University. I know that email isn’t really confidential, so I’m going to stop the exam paper being attached to an email, unless it is password protected. Internal post isn’t secure, so I’ll ask that people walk to collect the exam paper whenever necessary. However, there are now paid-for secure services that I might also look into.

      To keep it confidential while it’s on its way to the exam centre, the exam paper will be in a tamper-proof box, so that the courier – who won’t work for The Open University – doesn’t need to be trusted.

    • Integrity. I’m going to ensure that there are lots of different sets of eyes on the exam paper so that errors will be spotted. I’m going to give responsibility for catching those errors both to the author and to the external examiner, both of whom will have to formally sign off on the exam paper, confirming it’s error-free. That should get us most of the way. If all that fails and on the day someone spots an error on the paper, I’ll make sure there’s an academic no more than a telephone call away to check and quickly release a fix, if the error is confirmed.
    • Availability. I know where the exam paper needs to be and on which day, so I’m going to book a courier service to pick the exam paper up from The Open University the day before, making sure it gets to its correct destination. The courier will deliver the paper to a named person who works in the examination centre at the other end. They will have responsibility to deliver it to where the examination is taking place.

Given that you chose different information assets, your analysis will be different. However, perhaps you asked the same questions: who could you trust? What services can be used? Who does what? If not, have another go and try to answer those questions too.

M811_1
