What is the process of ensuring that only authorized parties are allowed access to a resource?

Data and information protection comprise the third and most important pillar of a sound cyber security strategy. It is crucial to keep the ‘CIA triad’ in mind when deciding how to protect our data.

The three-pillar approach to cyber security

This is the third and final article in a series addressing the three-pillar approach to cyber security. The first two pillars are ‘people’ and ‘process’. The last pillar is ‘data and information’.

Data and information protection is the most technical and tangible of the three pillars. The data we gather comes from multiple sources, such as information technology (IT), operational technology (OT), personal data and operational data. It must be properly managed and protected every step of the way.

What is the CIA triad?

When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.

The three components of the CIA triad are discussed below:

  1. Confidentiality: This component is often associated with secrecy and the use of encryption. Confidentiality in this context means that the data is only available to authorized parties. When information has been kept confidential it means that it has not been compromised by other parties; confidential data are not disclosed to people who do not require them or who should not have access to them. Ensuring confidentiality means that information is organized in terms of who needs to have access, as well as the sensitivity of the data. A breach of confidentiality may take place through different means, for instance hacking or social engineering.
  2. Integrity: Data integrity refers to the certainty that the data is not tampered with or degraded during or after submission. It is the certainty that the data has not been subject to unauthorized modification, either intentional or unintentional. There are two points during the transmission process during which the integrity could be compromised: during the upload or transmission of data or during the storage of the document in the database or collection.
  3. Availability: This means that the information is available to authorized users when it is needed. For a system to demonstrate availability, it must have properly functioning computing systems, security controls and communication channels. Systems defined as critical (power generation, medical equipment, safety systems) often have extreme requirements related to availability. These systems must be resilient against cyber threats, and have safeguards against power outages, hardware failures and other events that might impact the system availability.

Stability, availability and security

Availability is a major challenge in collaborative environments, as such environments must be stable and continually maintained. Such systems must also allow users to access required information with little waiting time. Redundant systems may be in place to offer a high level of fail-over. The concept of availability can also refer to the usability of a system.

Information security refers to the preservation of integrity and secrecy when information is stored or transmitted. Information security breaches occur when information is accessed by unauthorized individuals or parties. Breaches may be the result of the actions of hackers, intelligence agencies, criminals, competitors, employees or others. In addition, individuals who value and wish to preserve their privacy are interested in information security.

The CIA triad describes three crucial components of data and information protection which can be used as guides for establishing the security policies in an organization. Establishing and maintaining the organization’s security policies can be a daunting task, but using the three-pillared strategic approach to cyber security can help you identify and manage cyber security risks in a methodic and comprehensive manner.

Data confidentiality is about protecting data against unintentional, unlawful, or unauthorized access, disclosure, or theft.

Confidentiality has to do with the privacy of information, including authorizations to view, share, and use it. Information with low confidentiality concerns may be considered "public" or otherwise not threatening if exposed beyond its intended audience. Information with high confidentiality concerns is considered secret and must be kept confidential to prevent identity theft, compromise of accounts and systems, legal or reputational damage, and other severe consequences.

Examples of data with high confidentiality concerns include:

  • Social Security numbers, which must remain confidential to prevent identity theft.
  • passwords, which must remain confidential to protect systems and accounts.

Consider the following when managing data confidentiality:

  • To whom data can be disclosed
  • Whether laws, regulations, or contracts require data to remain confidential
  • Whether data may only be used or released under certain conditions
  • Whether data is sensitive by nature and would have a negative impact if disclosed
  • Whether data would be valuable to those who aren't permitted to have it (e.g., hackers)

When managing data confidentiality, follow these guidelines:

  • Encrypt sensitive files.
    Encryption is a process that renders data unreadable to anyone except those who have the appropriate password or key. By encrypting sensitive files (by using file passwords, for example), you can protect them from being read or used by those who are not entitled to do either.
  • Manage data access.
    Controlling confidentiality is, in large part, about controlling who has access to data. Ensuring that access is only authorized and granted to those who have a "need to know" goes a long way in limiting unnecessary exposure. Users should also authenticate their access with strong passwords and, where practical, two-factor authentication. Periodically review access lists and promptly revoke access when it is no longer necessary.
  • Physically secure devices and paper documents.
    Controlling access to data includes controlling access of all kinds, both digital and physical. Protect devices and paper documents from misuse or theft by storing them in locked areas. Never leave devices or sensitive documents unattended in public locations.
  • Securely dispose of data, devices, and paper records.
    When data is no longer necessary for University-related purposes, it must be disposed of appropriately.
    • Sensitive data, such as Social Security numbers, must be securely erased to ensure that it cannot be recovered and misused.
    • Devices that were used for University-related purposes or that were otherwise used to store sensitive information should be destroyed or securely erased to ensure that their previous contents cannot be recovered and misused.
    • Paper documents containing sensitive information should be shredded rather than dumped into trash or recycling bins.
  • Manage data acquisition.
    When collecting sensitive data, be conscious of how much data is actually needed and carefully consider privacy and confidentiality in the acquisition process. Avoid acquiring sensitive data unless absolutely necessary; one of the best ways to reduce confidentiality risk is to reduce the amount of sensitive data being collected in the first place.
  • Manage data utilization.
    Confidentiality risk can be further reduced by using sensitive data only as approved and as necessary. Misusing sensitive data violates the privacy and confidentiality of that data and of the individuals or groups the data represents.
  • Manage devices.
    Computer management is a broad topic that includes many essential security practices. By protecting devices, you can also protect the data they contain. Follow basic cybersecurity hygiene by using anti-virus software, routinely patching software, whitelisting applications, using device passcodes, suspending inactive sessions, enabling firewalls, and using whole-disk encryption.

B2B Advanced Communications provides a multi-layer approach to securing messages and other data with identification, authentication, authorization, confidentiality, data integrity, and non-repudiation.

The security management functions include these commonly accepted aspects of security:

  • Identification and authentication: Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.
  • Authorization: Authorization protects critical resources in a system by limiting access only to authorized users and their applications. It prevents the unauthorized use of a resource or the use of a resource in an unauthorized manner.
  • Confidentiality: The confidentiality mechanisms protect sensitive information from unauthorized disclosure.
  • Data integrity and nonrepudiation: The data integrity and nonrepudiation mechanisms detect whether unauthorized modification of data occurred.

Security mechanisms are standards that are used to ensure secure operations and communications. A mechanism might operate by itself, or with others, to provide a particular service. Some of the security mechanisms that are used by B2B Advanced Communications to keep your data secure are:

  • Authenticating all users and organizations through credentials, such as user name and password pairs.
  • Enforcing session timeout limits after which a user is automatically logged out of B2B Advanced Communications.
  • Ensuring that data is validated each time a trust boundary is crossed. Messages (including payloads) are validated at both entry to and exit from B2B Advanced Communications.
  • Providing access control and authorization for resources and operations by running processes that use accounts with minimal privileges and access rights. Additionally, access to administrative functions is restricted to users with Master Account Administrator and System Administrator privileges. Access control also enforces data confidentiality.
  • Predefining access privileges by adding each user to a group for which permissions are assigned by user role.
  • Protecting data at rest by enabling encryption by default and setting properties to provide the necessary default certificates.
  • Using Secure Sockets Layer (SSL) to exchange messages securely over the transport protocol.
  • Setting a connection timeout after which the attempt is abandoned if the connection has not been established.
  • Providing secure mechanisms to audit, log, and monitor security-related events. Effective auditing and logging is the key to nonrepudiation. Nonrepudiation ensures that a partner cannot deny sending or receiving a message.
  • AS4 security logging is done by publishing visibility events of the audit event type. These events are published after AS4 security processing and contain the X.509 certificate that was used for the digital signature, the digest algorithm, the message digest, the user subject, and the source IP.
  • Establishing trust boundaries to indicate where trust levels change from a perspective of confidentiality and integrity. For example, a change in access control levels in your application, where a specific role or privilege level is required to access a resource or operation, is a change in trust level. Another example is at an entry point in your system where you might not fully trust the data that is passed to the entry point.
  • Identifying trust boundaries from a data flow perspective. For each component, the system considers whether the upstream data flow or user input is trusted, and if it is not, the data flow and input can be authenticated and authorized.
  • Storing user passwords in encrypted form in the database.

B2B Advanced Communications also provides these methods that you can use to secure your data:

  • Ensure message confidentiality by converting the contents to ciphertext with XML encryption. This encryption ensures that data remains private and confidential, and that it cannot be viewed by unauthorized users or eavesdroppers.
  • Ensure message integrity and authentication by signing a message with a digital signature. This signature confirms the source of the message and detects whether the contents were altered in transit.
  • Identify and reject messages that are resubmitted (duplicate messages) to defend against message replay attacks.
  • Use the secure HTTPS protocol to transmit messages when they are transmitted to and from your partners. HTTPS, a combination of Hypertext Transfer Protocol (HTTP) and Secure Sockets Layer (SSL), is the industry standard for securing information that is transmitted between partners.
  • Use the SFTP protocol to transfer files between you and your partners. SFTP is a full file system protocol that is secured with Secure Shell (SSH).
  • Set the maximum size of a message request. This message validation measures the message size against the criteria you specify, and any request larger than the specified limit is rejected.
  • Set the maximum size of message payloads to prevent denial of service caused by a large payload exhausting system resources.
  • Allow user authentication checking through the system or user exit, with either an X.509 certificate or user name token, or both.
  • Allow user credential SSH authentication for SFTP with either a password or public key, or both.
  • Allow the signing of outbound exchanges with an X.509 certificate to ensure message integrity and prevent data modification in transit.
  • Specify that inbound messages must be signed, and specify the signature hash to be used. For NIST compliance, you must specify a higher key strength algorithm (for example, SHA256) in the conformance policy.
  • Ensure high availability of the system for legitimate users. The goal for many attackers in denial of service attacks is to disable an application or overwhelm it so that other users cannot access it.
  • Use digital certificates for identity authentication, and select the certificate that is based on alias name and function usage (such as sign, verify, encrypt, decrypt, SSL client).
  • Allow authentication by using the certificate issuer and serial number to return the unique subject.
  • Allow authentication by using a user name and password token to return the unique subject.
  • Allow authentication by using an X.509 certificate to return the unique subject.
  • Allow authentication by using a certificate subject key identifier or thumbprint to return the unique subject.
  • Allow SSH authentication with an SSH public key.
  • Trust received public certificates by using the configured CA store and Certificate Revocation Lists (CRLs).
  • Create security policies (for AS2) or conformance policies (for AS4) that specify security aspects and settings to secure communication with your partners. Security policies can include whether:

    • HTTP or HTTPS basic authentication is required
    • Signed messages are required
    • Signed Message Disposition Notifications (MDNs) are required
    • Messages are required to be encrypted
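The replay rejection, signature verification and size limits listed above, combined at one inbound trust boundary, as an added Python example that is not code from B2B Advanced Communications; it assumes an HMAC-SHA256 shared secret in place of the X.509 XML signature, a constructed payload size limit, and a constructed sample payload.

```python
import hashlib
import hmac

# Constructed shared secret standing in for the partner's signing key
# (assumption: HMAC-SHA256 stands in for the X.509 XML signature the page describes).
PARTNER_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_PAYLOAD_BYTES = 1024   # assumed maximum payload size from the conformance policy


def sign_payload(key: bytes, message_id: str, payload: bytes) -> str:
    """Signature a partner attaches to an outbound message. The message ID is
    covered by the signature, so a captured payload cannot be re-sent under a
    fresh ID to slip past duplicate detection."""
    return hmac.new(key, message_id.encode() + b"\n" + payload, hashlib.sha256).hexdigest()


class InboundGate:
    """Checks applied where an inbound message crosses the trust boundary."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seen_ids: set[str] = set()   # IDs already accepted (a real system persists these)

    def accept(self, message_id: str, payload: bytes, signature: str) -> tuple[bool, str]:
        # 1. Size limit first: it is the cheapest check and stops an oversized
        #    payload before any signature work is spent on it.
        if len(payload) > MAX_PAYLOAD_BYTES:
            return False, "rejected: payload exceeds size limit"
        # 2. Integrity and authentication: recompute and compare in constant time.
        expected = sign_payload(self.key, message_id, payload)
        if not hmac.compare_digest(expected, signature):
            return False, "rejected: bad signature"
        # 3. Replay defence: a resubmitted (duplicate) message ID is refused,
        #    even though its signature is valid.
        if message_id in self.seen_ids:
            return False, "rejected: duplicate message ID"
        self.seen_ids.add(message_id)
        return True, "accepted"


if __name__ == "__main__":
    gate = InboundGate(PARTNER_KEY)
    body = b"<order><id>42</id></order>"        # constructed sample payload
    sig = sign_payload(PARTNER_KEY, "msg-1", body)
    print(gate.accept("msg-1", body, sig))      # accepted
    print(gate.accept("msg-1", body, sig))      # refused: duplicate ID
    print(gate.accept("msg-2", body, sig))      # refused: signature is bound to msg-1
```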

These are some effective security methods in B2B Advanced Communications:

  • Use multiple layers of security to protect against unauthorized interception of data if one layer is bypassed or compromised. For example, use digital signatures to sign your message and also encrypt the message.
  • Give each user the least amount of access control necessary.
  • Use Public Key Infrastructure (PKI) keys and certificates at two levels: the transport level (HTTP transport with SSL or SFTP transport with SSH) and the message level (by using XML signature and XML encryption elements or SSH authentication).
  • Set user account policies that define a secure password for your systems. Some things to consider when you create a password policy are:
    • Enforcing password history to establish how frequently old passwords can be reused.
    • Setting a minimum password age to determine how long users must keep a password before they can change it. This minimum age prevents users from bypassing the password-history rule by cycling through passwords.
    • Setting a maximum password age to determine how long users can keep a password before they must change it.
    • Setting password length and complexity requirements, such as requiring at least 6 characters.
    • Ensuring your policy is updated and distributed to all users.
    • Establishing regular policy review milestones.
    • Tracking user compliance with the policy and managing policy violations.
  • Associate a user credential with an SSH public key for SSH authentication.
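The password-policy knobs above (history, minimum age, maximum age, length) applied to a password change, as an added Python example that is not code from B2B Advanced Communications; the policy numbers are assumed except the 6-character minimum, the account and dates are constructed, and PBKDF2-SHA256 with a constructed salt stands in for the real credential store's hashing.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy values; the 6-character minimum is the page's own example.
MIN_LENGTH = 6
HISTORY_DEPTH = 5              # recent passwords that may not be reused
MIN_AGE = timedelta(days=1)    # how long a new password must be kept
MAX_AGE = timedelta(days=90)   # how long a password may be kept before it expires

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-SHA256 stands in for whatever hash the real credential store uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes = b"constructed-per-account-salt"     # constructed; use os.urandom in practice
    history: list = field(default_factory=list)       # recent hashes, newest last
    last_changed: date = date(2024, 1, 1)

    def set_password(self, password: str, today: date) -> None:
        self.history.append(_hash(password, self.salt))
        self.history = self.history[-HISTORY_DEPTH:]  # keep only the policy depth
        self.last_changed = today

def is_expired(acct: Account, today: date) -> bool:
    return today - acct.last_changed > MAX_AGE          # maximum age exceeded

def check_change(acct: Account, new_password: str, today: date) -> tuple:
    if len(new_password) < MIN_LENGTH:
        return False, "too short"
    # Minimum age stops cycling through HISTORY_DEPTH+1 changes to reclaim an old password.
    if acct.history and today - acct.last_changed < MIN_AGE:
        return False, "changed too recently"
    candidate = _hash(new_password, acct.salt)
    if any(hmac.compare_digest(candidate, old) for old in acct.history):
        return False, "reused a recent password"
    return True, "ok"

def demo() -> list:
    # Walk one constructed account through the policy; returns the decisions.
    d0 = date(2024, 1, 1)
    acct = Account()
    acct.set_password("Start123", d0)
    return [check_change(acct, "abc", d0 + timedelta(days=2)),       # too short
            check_change(acct, "Another1", d0),                       # too recent
            check_change(acct, "Start123", d0 + timedelta(days=2)),  # reused
            check_change(acct, "Another1", d0 + timedelta(days=2)),  # ok
            is_expired(acct, d0 + timedelta(days=91))]                # expired
```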