Write-Ups
Write-Up #1: The CIA Triad
Using the Chai Article, along with additional research you will conduct on your own, describe the CIA Triad and the differences between Authentication & Authorization, including an example.
The CIA triad is a security model that several million businesses use to keep their data unharmed and protected from exfiltration. It helps them form efficient policies that maximize their efforts to protect themselves and their data. This broadly recognized model promotes the development of security policies. When problem areas and solutions in information security are being identified, the model guides the creation of security policies and produces valuable resolutions and systems.
Confidentiality, integrity, and availability differ in what they protect. Confidentiality focuses on keeping sensitive information private: only authorized users and processes may access or modify data, and encryption prevents unauthorized access to protected data. Confidentiality highlights the need to protect information so that unauthorized users are blocked from accessing it. Integrity concentrates on the consistency of data across networks and systems, using mitigation and proactive measures to restrict unapproved alterations by unauthorized users and to ensure proper transmission of information among the approved users who perform alterations. For efficient integrity, there must be countermeasures to defend against unintentional alteration and system malfunction. The integrity component of the CIA Triad can seize data that has been maliciously compromised or lost. Availability, however, focuses on ensuring that authorized users can freely access their network, data, and systems for their daily activities, and on hardware redundancy with backup servers to guard against, detect, and protect against DoS attacks on the system. The availability component of the CIA Triad resolves hardware and software conflicts. It relies on regular maintenance to keep the system current and ready for authorized users to carry out their daily duties. Availability measures preserve uptime and uninterrupted access to the system by implementing efficient security standards to guard it.
An example of an integrity attack is the defacement attack, in which hackers alter a website’s HTML to vandalize it. An example of an availability attack is a denial-of-service attack (DDoS), which is why companies must have up-to-date hardware, disaster recovery capacity in place in case systems go down, and monitoring of bandwidth usage. A real-life example is the DDoS attack on a massive European bank that peaked at 809 million packets per instant, with the most extensive packet volume, aimed at overwhelming the system gear. An example of a confidentiality breach is the real-life data breach known as the Marriott hack, where hackers executed sniffing tools, such as RAT and Mimikatz, which gave the criminals control of the administrator account. The attackers were successful and moved into Marriott systems because they encrypted and removed the Starwood system. These hackers were later caught by the monitoring security tool, which flagged an unusual database query. Biometrics and cryptographic keys are examples of confidentiality controls, in which authentication embeds processes that allow systems to determine who the user is.
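The defacement case above is an integrity failure that a keyed-hash baseline of the site's pages can detect. The following is an added example, not part of the original write-up; the key, page paths, and page bodies are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice it is stored off the web server,
# so an attacker who can alter pages cannot also forge a matching baseline.
BASELINE_KEY = b"constructed-demo-key"

def fingerprint(content, key=BASELINE_KEY):
    """Return a keyed SHA-256 digest (HMAC) of one page body."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()

def build_baseline(pages):
    """Record a fingerprint for every known-good page (path -> digest)."""
    return {path: fingerprint(body) for path, body in pages.items()}

def check_integrity(baseline, current):
    """Compare the live pages with the baseline and report each deviation."""
    findings = {}
    for path, expected in baseline.items():
        body = current.get(path)
        if body is None:
            findings[path] = "missing"
        elif not hmac.compare_digest(expected, fingerprint(body)):
            findings[path] = "modified"
    # Pages that were never baselined are also an integrity signal.
    for path in current.keys() - baseline.keys():
        findings[path] = "unexpected"
    return findings

# Constructed sample content: a known-good site and a defaced copy of it.
KNOWN_GOOD = {
    "/index.html": b"<html><body><h1>Welcome</h1></body></html>",
    "/about.html": b"<html><body><p>About us</p></body></html>",
}
DEFACED = {
    "/index.html": b"<html><body><h1>Defaced</h1></body></html>",
    "/new.html": b"<html><body>not in baseline</body></html>",
}

if __name__ == "__main__":
    baseline = build_baseline(KNOWN_GOOD)
    for path, status in sorted(check_integrity(baseline, DEFACED).items()):
        print(f"{status:10} {path}")
```
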