Harm and Information Assets

In this post, I’d like to discuss harmful acts in the context of information assets. To begin, recall that information security seeks to protect the confidentiality, integrity, and availability of information assets. With this in mind, consider that there are four distinct ways in which harm can be caused to an information asset. The first way in which an information asset can be harmed is through interception. As an example, a malicious party may intercept valuable information assets while they are in transit over a network, thereby harming the confidentiality of those assets, and potentially degrading their value. The second way in which information assets can be harmed is through interruption. A malicious party might, for example, disrupt an information system’s ability to perform its tasks, or might interrupt the transmission of information assets, thus harming the availability of those assets. The third way in which information assets can be harmed is through modification. A malicious party who modifies an information asset without proper authorization is causing harm by degrading the integrity of that asset. Finally, the fourth way in which information assets can be harmed is through fabrication. As an example, a malicious party might fabricate an identity or might fabricate phony information assets for the purpose of causing harm.

In summary, then, we can consider each of these four acts -- interception, interruption, modification, and fabrication -- to be a harmful act because it can erode the confidentiality, integrity, or availability of an information asset.