In elementary school the game of telephone is used when the teacher wants to demonstrate a lesson like the importance of listening or the problem with gossip. The teacher leans into the first student’s ear and provides a simple sentence to be repeated to each person in the line. For example, the teacher leans into the first student’s ear and whispers “I have a dog named Bella.” When the last child in line announces the message that has reached him it has now morphed into something totally different than the original message, like “She wants dogs to be lazy.
What does the game of telephone have to do with security?
The game of telephone can demonstrate three important goals of security:
- Confidentiality—preventing unauthorized disclosure
- Integrity—assuring accuracy of data
- Availability—ensuring resources are ready for use when we need them
Confidentiality
When you play telephone you are supposed to whisper what you are told so that others can’t hear and you are only to repeat what you hear to the person next to you in line. These rules are in place to protect the confidentiality of the phrase being repeated. If a person hears the phrase before it is his or her turn the game is ruined. System access requirements (passwords, requiring authorizations for obtaining access) are in place to protect the confidentiality of data by preventing individuals from obtaining access to data unless they require it to fulfill their responsibilities.
Integrity
In the game of telephone maintaining the integrity of the phrase means keeping the message from being changed. One way that the integrity of information is protected is restricting the ability to change data. If you played a game of telephone with just 5 people you would have a much better chance of the phrase being unaltered when it reached the end of the line than if you played the game with 10 people. The fewer people in the line the fewer the opportunities for the phrase to be changed along the way. Similarly limiting the ability to change data limits the chance of an unauthorized change leading to error filled reports or decisions made based on bad data.
Availability
Telephone is not a game that can be played by one person, or even two people, effectively. The game of telephone requires a group of people. The people become the system through which the phrase is processed, similar to how data is processed by an IT resource or system. If you don’t have a few friends around you can’t play telephone and if you don’t have access to a system when you need it, you can’t do the work you need to do. Security products like antivirus and antispyware programs help ensure your computer is working when you need it to be.
Security policies and procedures are in place to fulfill the three goals of security. Understanding the concepts of confidentiality, integrity and availability is essential to understanding security.