- Protection Objectives: Integrity,
availability, and confidentiality have long been considered keystones of
information protection, and in recent years, use control and
accountability have joined the ranks of critical information protection
objectives. The acronym CIA (for confidentiality, integrity,
availability) were historically used because of the military emphasis on
confidentiality and the historical basis of information security in the
cryptographic roots of confidentiality. But for most businesses,
integrity is more important than anything else because wrong answers
often produce higher consequences than no answers or leaked answers.
- Integrity: With the increased use of
computers for control over machines, integrity is critical to preventing
loss of life and similar consequences while secrecy holds only financial
losses and possible fines which are rarely levied in cases of accidental
or maliciously induced releases. Integrity generally includes proper
association of source to content, freedom from inappropriate changes to
content, and that the content is reflective of the desired reality to
within the known parameters.
- Availability: Outages increasingly cause
serious losses to businesses as they become more dependent on
information technology for operational needs and as just-in-time systems
become more critical to business success. Availability generally
includes fault intollerance (hardening and increased reliability) and
- Confidentiality: Confidentiality is still
o0f great import, but keeping secrets for long time periods is a rare
exception today and not the norm. Therefore the time limits of secrecy
combined with the general availability of information to those willing
to search for it reduce the emphasis on this issue. While regulatory
requirements in certain cases can be very substantial and consequences
very serious it is typically considered third to integrity and
availability today in most business contexts. Confidentiality typically
involves limits on access and utility of exposed representations of
- Use control: Use control becomes more of
an issue as the utility of control functions and similar mechanisms
leads to higher consequences of misuse. For example the ability to use
an enterprise identity management system control plane implies the
potential for massive damage because of the high risk aggregation caused
by the dependency on this system by the rest of the enterprise that has
integrated identity management. Use control typically involves
identity, authentication levels, and authorities for use.
- Accountability: Accountability is fundamental to the ability to attribute actions to actors for attributing financial and other responsibility. Legal and regulatory drivers also increasingly force accountability. Accountability typically includes attribution of actions to actors, situational information relating to time, context, and so forth, and the activity performed.
- Integrity: With the increased use of computers for control over machines, integrity is critical to preventing loss of life and similar consequences while secrecy holds only financial losses and possible fines which are rarely levied in cases of accidental or maliciously induced releases. Integrity generally includes proper association of source to content, freedom from inappropriate changes to content, and that the content is reflective of the desired reality to within the known parameters.
- Access Controls: Access controls in the
control architecture sense, have to do with the overall model used for
determining validity of access of subjects (people, programs, etc.) to
objects (things, data, files, systems, etc.). The typical model uses
(1) clearance levels for people and other subjects, (2) classifications
for data and other objects, (3) a rule for matching clearances to
classifications to determine access restrictions, (4) a notion of
need-to-know that allows separation of projects and other elements based
on risk aggregation and similar requirements, (5) separation
requirements for assuring the proper division of content and
infrastructure, and (6) surrounding controls that assure that the access
control is implemented.
- Functional Units: These are classes of
mechanisms that are used to partition information and systems in
different ways so that separation of classification levels and need to
know areas are based on a set of control mechanisms and an architectural
level mechanism for control and audit, separation of control and audit
from data, separation of duties, and similar separation mechanisms.
- Perimeters: The perimeter architecture provides for physical and logical separations of
zones with different and possibly sequencial protection mechanisms to
limit access and activities passing those barriers.
- Use: Authorization for use is a
process in which a subject is identified,
an adequaqte level of authenticaiton of that identity is provided for
the contextual use, authorization for that use is granted or denied
based on that use and the authenticatied identity, and use proceeds or
- Change Control: Change control is an identified set of architectural requirements and implementation mechanisms that separate research and development, testing and approval, and operations from each other, and provide the means for assuring proper control and approval processes over changes.
In combination, these form the architectural elements of the control architecture, independent of implementation specifics.
For more details and in-depth coverage of these issues, buy the Governance Guidebook.
This was first published in January 2006