DEV Community

Cover image for Re-learning security: CIA
Abdul
Abdul

Posted on

Re-learning security: CIA

Intro

Hello Hello, been a while since I last posted, but it was for a good reason! I've enjoyed a new company/apartment/life and needed as much time as I could to get situated 🙌 Since then I've learnt a lot, but somehow, also learnt that I have much more to learn 😄 oh the ocean of knowledge, how can I swim?

For this blog we're going to look into one of the things I've realised I've not paid attention to in the past year or so. As a result, I've gotten rusty, and so I'll be taking a more active approach by addressing it through reading books, doing certain exercises and seeing how I can influence the team I'm apart of.

A particular reference I'll be reading from as I go through this journey is the "Alice and Bob Learn Security" book. The flow of the blogs will also similar to the structure of the book, as it helps me stick things in my mind easier.

Why start now?

Well, security is, and should always be, one of the first things that should pop into anyone's mind when they're dealing with creating/developing interactive software. Even if it weren't interactive, we'd still need to make sure that our applications are safe and we don't get hurt in the process of making a positive change in the world (one release at a time).

The Security Mandate: CIA

This is where the security standard such as the CIA (Confidentiality, Integrity and Availability) is discussed. As it equips us with the ability to make design/code decisions that ultimately help make our apps safer.

CIA

Confidentiality

Being able to keep information private is harder than first thought, speaking for myself. It also varies in importance depending on the situation. I'm currently reading "Alice and Bob Learn Application Security", and it talks about how confidentiality plays a certain role in their lives. Due to her position as CEO of a top 500 company, Alice does not want certain information about her health to be public (so it's of utmost importance), while Bob (who has a much lower ranking job) doesn't gain or lose anything by letting people know about his heart condition and using a pacemaker.

Integrity

For this principle, it's about the accuracy and the currency of the information that is presented to us. The importance which we place this is also something that is dependent on the situation. In trading, for example, we cannot have numbers that are very inaccurate, as this could potentially cause miss-trades: leading to large financial loss in the process. In most cases, I would think, accuracy is part of what is being part for in most, if not all, applications on the internet. However, you could argue that blogs like this don't prioritise this principle as much since it's users can post anything they want (as inaccurate as they want).

Availability

For certain applications in the health industry, this could be a case of life and death, literally! Take the previous case of Alice and Bob for example, both of which rely on the availability of their information. Alice, being a diabetic, measures her levels multiple times a day using this device, but she can also do it manually. So having this device not working is not the end of the world for her. However, for Bob, who relies on a pacemaker to keep a consistent rhythm of beats for him: it would be frightening to not have it available and working to help through the irregular heartbeats.

Conclusion

As we read the "Alice and Bob Learn Security" book, we've take a look at these starting blocks, and the why's, of some of the security rules we may see in our everyday applications. Understanding the reason for their existence and how they fit in our lives through the lens of the CIA principles would equip us to make better decisions in the future.

Top comments (0)