8 The Basics of Information Security

Utility

Utility refers to how useful the data is to us. Utility is also the only principle of the Parkerian hexad that is not necessarily binary in nature; we can have a variety of degrees of utility, depending on the data and its format. This is a somewhat abstract concept, but it does prove useful in discussing certain situations in the security world. For instance, in one of our earlier examples we had a shipment of backup tapes, some of which were encrypted and some of which were not. For an attacker, or other unauthorized person, the encrypted tapes would likely be of very little utility, as the data would not be readable. The unencrypted tapes would be of much greater utility, as the attacker or unauthorized person would be able to access the data.

Attacks

We may face attacks from a wide variety of approaches and angles. When we look at what exactly makes up an attack, we can break it down according to the type of attack that it represents, the risk the attack represents, and the controls we might use to mitigate it.

Types of Attacks

When we look at the types of attacks we might face, we can generally place them into one of four categories: interception, interruption, modification, and fabrication. Each category can affect one or more of the principles of the CIA triad, as shown in Figure 1.3. Additionally, the lines between the categories of attack and the particular effects they can have are somewhat blurry. Depending

[Figure 1.3 Categories of Attack. Confidentiality: interception. Integrity: interruption, modification, fabrication. Availability: interruption, modification, fabrication.]