Computer Science Homework Help

Hi, please, respond to these peers:

Peer # 1

CIA The Triad of Security

The CIA triad of security consists of the three most important and crucial elements necessary for the development and maintenance of an organizations cyber security. Confidentiality, integrity, and availability all work together to ensure the best protection of an organizations network. The confidentiality element ensures that access to sensitive and private information is appropriately authorized and maintained to approved individuals only (Fruhlinger, 2020). The integrity element ensures that data can only be edited or modified by approved individuals with appropriate access. The availability element ensures that the approved users can access data appropriately whenever they may need to. The combination and even opposition of these three elements working together allows cyber professionals to accurately analyze the security processes and policies within an organization to determine efficiency and effectiveness, and if adjustments or upgrades are required.

Often, these elements may conflict making it hard for them to equally coexist at the same level of importance. As a result, one element may take precedence over the other two depending on the characteristics of security necessary at the time.

Confidentiality Over Integrity and Availability

Confidentiality may reign as the supreme element within the triad for an online retail organization, specifically regarding its consumer’s private and personal information. Identifying and personal information such as full names, addresses, and bank account information is stored and maintained within the networks and systems of the organization. Consumers rely on the security and confidentiality practices of the organization to keep their private information safe and secure. Thus, the restriction of the data from being accessed by an unauthorized user is key to maintaining consumer trust.

Integrity Over Confidentiality and Availability

Integrity may be the most valuable element within the triad for any organization, specifically regarding its financial information. The financial statements should all ways be represented accurately and honesty for reporting and investing purposes. As such, changes in this data should be limited and constantly monitored, and alerts implemented to notify appropriate and approved individuals when data has been changed. Integrity of data remaining intact can be ensured with read-only access whenever appropriate so that data can be accessed for viewing but will need proper approvals to be edited or adjusted.

Availability Over Confidentiality and Integrity

Availability may be considered the most important element within the triad for an organization specifically regarding the products or services being sold to consumers. It is essential that products and services are readily available for consumers to purchase. For online operations, an organization needs to maintain inventory, “keep hardware up-to-date, monitor bandwidth usage, and provide failover and disaster recovery capacity if systems go down” (Fruhlinger, 2020). For in-store operations, inventory and services must be maintained and made readily available for consumers to purchase or use.
Though overlap of the elements may occur and sometimes clash, the key to the most efficient and effective implementation of the triad is ensuring all 3 elements are addressed.

References

Fruhlinger, J. (2020, February 10). The CIA Triad: DEFINITION, components and examples. CSO Online. Retrieved from https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html.

Peer # 2

Confidentiality, integrity, and availability, are three crucial principles that help companies adopt a robust security infrastructure. The CIA triad of protection is essential because it provides vital security aspects, aids in preventing compliance concerns, safeguards company stability, and prevents the image of an organization.

Confidentiality guarantees that only authorized groups have access to data. Confidentiality is “about restricting access to data to stop unapproved release” (Walkowski, 2019). Personally identifiable information or PII is a type of information that needs to be confidential. For example, the purchasing department of a company has to order and ship headsets to each employee’s home address. The department sent one email to all employees. Because the department requests employees’ home addresses, PII advised everyone to respond individually to the email. Employees, in this case, trust that their information is secured with the purchasing department than to reply to all. This is an example where the confidentiality of a system is more important than the integrity or availability of that system.

Integrity is the ability of a system to keep the information as-is and can only be modified by authorized people. “Data must not be revised or edited in any means” (CIS, 2018). For instance, when auditors or investigators collect some facts during the fieldwork. These data need to be conserved as gathered because they may not transmit the truth by editing the data. This demonstrates where the integrity of a system is more important than the confidentiality or availability of that system.

Availability is more important than integrity and confidentiality in the record-keeping department because another department may need important information. When the access code is lost or forgotten, the availability of the record will be restraint. “Systems, applications, and data are of little value to an organization and its customers if they are not accessible when authorized users need them” (Walkowski, 2019).

In some ways, each CIA triad of security elements is more important than others. However, well management of them simultaneously can be beneficial to a company. The disclosure, alteration, or destruction of data, systems, or applications will harm the company. Each company may choose its priority depending on its need and must not neglect the other two components. “Depending on an organization’s security goals, industry, regulatory requirements, or nature of their business, one of these principles may take priority over others” (Unitrends, 2021).

References

CIS. (2018, April 27). Election security spotlight – CIA triad. https://www.cisecurity.org/spotlight/ei-isac-cybersecurity-spotlight-cia-triad/

Unitrends. (2021,May 6). The CIA triad and its importance in data security. https://www.unitrends.com/blog/cia-triad-confidentiality-integrity-availability

Peer # 3

Hello Peer M.

This is a fantastic post on how the three elements of information security can be important within the same industry, depending on what the purpose is or the department designing the system. To buttress your point, I would add that confidentiality is the central purpose of HIPAA, hence it can be argued that this the most critical element when designing a system in healthcare facilities. Many hospitals have faced litigations due to confidentiality failures arising from violating HIPAA. This article provides examples of such HIPAA violation cases: https://www.providertech.com/disastrous-hipaa-violation-cases-7-cases-to-learn-from/.