Thursday, June 4, 2009

CIA of Security II – Electric Buggaloo

A comment to my previous CIA blog

As a certified security consultant I appreciate your coverage of security issues. My experience was always that the "A" is availability and had never heard it described as authenticity. Here's where I come from on the subject.    Lawrence


Well, I can accept that & I guess I’m now promoting comment content into a full blown post, but this sounded interesting to explore: Different interpretations of Acronyms.  When you type CIA into Acronymfinder, you get over 109 definitions, 16 specifically related to Information Technology and ‘Availability’ is listed specific to Information Security, while authenticity appears a few down the list.  I had originally learned the ‘A’ in CIA to be authenticity but being an F5er, I always thought about availability, had heard some refer to the ‘A’ as availability and mentioned that in the post (albeit in parentheses).  I did see the Wikipedia link Lawrence referenced while writing the original, but also ran across this link talking about ‘A’ as authenticity.  It was more to understand if I had been mislead or confused somewhere along the way.

Then I pondered that maybe CIA has morphed over time? Authenticity might have been the original intent or used initially due to the 'security' aspect of it all. Now, in a 24/7 global, regulatory contained, highly competitive marketplace, Availability of the data has become more paramount. Two frames of thought along with two somewhat independent reference links - Gotta love the internet!  That got nixed when I ran across the Parkerian Hexad entry in Wikipedia indicating Authenticity was added after

I must admit, now that I've searched much deeper, I've found more references to Availability than Authenticity yet plenty of opinions so Thank you Lawrence, I stand corrected – or at least, clarified.  Even my boss said he learned it as availability.  I also found this blog that talks about taking availability out of CIA.  Interestingly, I also found an article that had two references for 'I.' Integrity, of course and 'Accordingly, the "I" in "CIA" is also taken to mean "Identification",' and getting ID'd is a form of authentication.  Finally, this article lists both Authenticity & Availability.  We all win!! 

image

Moral of the story, 3 letter acronyms can mean a lot of things so make sure you know the various iterations – especially if you’re writing about it.  :-)

ps