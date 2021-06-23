In information security and privacy circles, whether in government agencies, company settings, or an academic forum, there is an age-old bit of wisdom that frames the entire, convoluted, hi-tech mess of cybersecurity: the CIA Triad. This “CIA” is not abbreviated for the mostly clandestine Central Intelligence Agency. That CIA provides intel to the President through our Director of National Intelligence. That CIA is also so much more fun to base movies and spy novels on than the CIA I’m invoking today.
Neither is our CIA affiliated with the Culinary Institute of America, the world renowned academy for chefs in Hyde Park, New York, where one can study and practice something so miniscule as butchering carrots for days of time before mastering that one of thousands of lessons toward chefdom. Would you ever be in Upstate New York, visit the university and enjoy a Michelin-leaning meal at costs incumbent to the training grounds. It’s like getting your haircut at a barber’s college without the hair, hopefully.
In terms of your personal, private information’s protection, our “CIA” is in the visual form of a pyramid, though always termed CIA Triad, with the letters standing for Confidentiality, Integrity, and Availability. When digital data, or frankly any information, can be described with all three terms you are in pretty good order.
All too often when I write for you about security and privacy I go beyond these basics and discuss some event, or law or regulation, or maybe even some of the countless theories and concepts surrounding cybersecurity. Rarely do I get down to pure basics: C and I and A.
I’m a diehard, lifelong, commiserating Cubs fan. Going to Wrigley Field and plopping onto the steel benches as a Bleacher Bum is like mecca to us. Their World Series win in 2016, to the fans, will be one of those moments when we know where we were and who we were with at the end of game seven. I enjoy the sport from the broader perspective including minor leagues, independents, and umpiring Little League. Never played, always enjoyed.
That paragraph belongs here despite your reading it, perhaps, as diverting from the CIA speak. There’s a connection, I promise.
To determine whether you have reliable, comprehensive, and secure information, digital or otherwise, you can use the CIA Triad as a gauge. Does the information enjoy the protection of confidentiality, meaning that only those privy to it can access it? Does it have integrity, meaning that what’s there is exactly what’s expected to be there, no more, no less? And, is it available, like not being held for ransom after getting encrypted by the hackers? All three intact? Now, you have security, and that means that you can trust the information at issue. Back to baseball.
Larry Lester is a tireless researcher and statistician. Some 50 years ago he began a project whereby he traveled the country to visit libraries and other data centers to collect information about professional baseball players. Back then, no internet, no publicly available databases, no one clearing house with complete data about players’ accomplishments and game results. Rather, he’d trudge through newspapers, later microfiche and microfilm, and finally more recently taking the “easy” route by leveraging the internet’s superhighway to travel for baseball stats. To compound his problems, the data Lester was after surrounded players in the Negro League.
Negro League games didn’t enjoy wall-to-wall coverage. Major newspapers rarely covered games, and certainly not enough so as to develop a comprehensive record. Lester uprooted the Black periodicals, which nearly every city big enough for a Negro League team had as the supplement to the popular press that excluded those athletes. He’d toil at his day job, run his daily errands, and then come back home dropping every dime in his pocket into a vessel until he made his way to one of these libraries where hard-copies of the found intelligence were made for his curation. Scroll through microfiche … scrolling, scrolling … Hit! There’s a game recap. Deposit a dime or two. Print out and drag home to the volumes of previous treasures. Lester then wrote a computer program to collect and analyze the dizzying amount of information. He now works with the prestigious Society for American Baseball Research to complete the history. SABR is a force in terms of baseball information, and when it concludes some analysis, the baseball world listens.
The Major League Baseball (it’s never been “of Baseball”) hasn’t yet taken any action, but last week one organization as critical to baseball geeks, Baseball Reference, the go-to for official baseball information at www.baseball-reference.com, took a gigantic leap in what I’m referring to as presenting reliable information. They incorporated Lester’s and SABR’s information and rightfully publish the newly available data thereby reaching data integrity. The great Stan Musial, for example, is no longer the 1943 batting average leader having attained a .357 (!) earned run average. Atop Stan the Man are Tetelo Vargas with the New York Cubans (.471) and Josh Gibson from the Homestead Grays (.466). You may think that Don Larsen pitched the only World Series no-hitter in 1956. That’s yesterday’s news since it’s come to light that Claude “Red” Grier did the same 30 years earlier for the Bacharach Giants of Atlantic City.
Maybe you are more of a baseball head than I. Many are. Maybe you could give two hoots about it. Many don’t. One thing I can say is that from baseball, a mere sport, there can be found useful life lessons. Today, I wanted to share one of those. It’s about the most basic, universal act of merely using information. Unless and until the data is available and has integrity the fact that it is confidential or even that some of it exists at all makes less than a triad.
Oh, and Go Cubs, Go!
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
