Assessing C-I-A values.

It is a common discussion during an information security risk assessment exercise at most of the organizations. As a general practice the asset value is derived by weighing the confidentiality ©, Integrity (I) and availability (A) value of an asset. While the assets are categorized into Information, Hardware, Software, Service and People, my argument always has been to say that C-I-A values can be assessed for Information Assets only and for all other it should just be the availability value.

Read the rest of this entry »

Tags: , , ,

Physical Security – At it’s best.

Just want to illustrate couple of incidents on physical security that we commonly observe.

Once while driving through a technology park, I was stopped by a couple of security personnel and they requested me to open the boot of my car and there was the second one running a mirror underneath my car and looking at something. Since the amount of different car models that I has come out in market, I assumed that the bottom  of every car must be different and out of curiosity, I just enquired with the security personnel, as to what is he looking for and you will be amazed with the answer. “I am not sure sir, they have asked me to check and I am checking”.

Read the rest of this entry »

Tags: , , ,

Parkerian Hexad

The Parkerian hexad is a set of six elements of information security proposed by Donn B. Parker, renowned security consultant and writer. The term was coined by M. E. Kabay. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability).

The Parkerian Hexad attributes are the following:

  • Confidentiality
  • Possession or Control
  • Integrity
  • Authenticity
  • Availability
  • Utility

These attributes of information are atomic in that they are not broken down into further constituents; they are non-overlapping in that they refer to unique aspects of information. Any information security breach can be described as affecting one or more of these fundamental attributes of information.

I think I don’t require to provide the explanation of C-I-A here. Let’s look at the other attributes.

Read the rest of this entry »

Tags: ,

CISF Security at Infosys

In the recent news Infosys becomes the first private company to get CISF security. I have also been reading in yet another blog about a organization conducting mocks drills for terrorist’s attacks. It is quite interesting to see that organizations are now taking security as a prime concern. As mentioned in my previous blog about frisking of VIP’s at airports, the exception mentioned there is an age old rule that was implemented when terrorism was a not major concern.

Read the rest of this entry »

Tags: , , , ,

Frisking of VIP’s at airport’s

In the recent incident of Dr. APJ Kalam been frisked at the IGI airport by the staff of Continental Airlines has created some news. The Airline has also tendered an apology to Dr. Kalam for the inconvienence caused – this is as reported in the TimesofIndia daily newspaper on 22nd July 2009.

Now does that apology mean that Continental Airlines will not frisk any VIP’s in future while they board the flight..? I see a security concern here.

Read the rest of this entry »

Tags: , , ,