It’s About Availability and Integrity (not so much Confidentiality)

I have frequently contended that the more important aspects of security are availability and integrity, not confidentiality (the old C-I-A triad should be A-I-C in order of importance). That is not to say that confidentiality and privacy aren’t extremely important—they certainly are. But in many cases you can live with less-than-perfect confidentiality, but you cannot function if the system is unavailable and you may not want to use a system if the data have been contaminated and lack integrity.

There was a catastrophic failure of computer processing systems at the Ulster Bank, part of the Royal Bank of Scotland (RBS), on June 19, 2012. It engendered urprisingly little press coverage outside the U.K. The loss of a working production system for a period of about a month will cost the bank, by some estimates, at least 60 million Euros, as pointed out in the July 17, 2012 report by Charlie Weston with the title “Ulster Bank faces €60m compensation bill” at

According to reports, the outage was caused by an attempt to patch the batch production scheduling system sold by Computer Associates, CA-7, which is said to process 250,000 computer jobs at Ulster Bank overnight. I first became familiar with the CA-7’s predecessor production scheduling system in the mid-1980s. At that time it was called UCC-7 and was a product from University Computing Company (subsequently named UCCEL Corp.). UCCEL and its products were purchased by Computer Associates in 1987. My team implemented UCC-7 with great success. In fact, it was a breakthrough application of the tool since the company’s batch cycle, which was owned by the firm for which I worked, was run by a third party “facilities manager.” There had been a number of problems … many of which arose from the increasing complexity of the jobs. The challenge was to have my staff control the production cycle remotely since they did not have access to the service provider’s data center.

Post a Comment

Your email is never published nor shared. Required fields are marked *