The CIA principle
One widely accepted security model is the CIA triad, which stands for Confidentiality, Integrity and Availability. These three key principles apply across the whole subject of security analysis, from access to a user's internet history to the security of encrypted data across the internet.
Confidentiality: Confidentiality is the ability to hide information from unauthorized people.
Cryptography and encryption methods are the best ways to ensure the confidentiality of data transferred from one computer to another.
Integrity: The ability to ensure that data is an accurate and unchanged representation of the original secure information. One type of security attack is to intercept some important data and make changes to it before sending it on to the intended receiver.
Availability: The best way to ensure Availability is by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. It is also very important to keep current with all necessary system upgrades.
There are different types of solutions available, depending on the nature of the attack to defend against. Certain possible approaches are:
• Security by Design
Certain issues can be addressed by identifying and sticking to a set of guidelines. For example, guidelines for writing secure code may specify that particular library functions are considered "unsafe" and that alternatives should be used. A program that exhibits insecure behavior can be rewritten to avoid this.
• Security by Compromise
This is applicable to a situation where the speed at which a computer completes a particular task gives away some information about what it is doing. A possible approach to solve this is to introduce random delays to the system in order to disguise its behavior.
• Security by Analysis
A complex system can be tested against the required security level when you are unsure how well written it is. One approach is to apply tests that attempt to break into your system, either using formal reasoning or simply by attempting to deduce "secret" information from the behaviour you can observe. Sometimes special "hacking software" is written for this purpose (although in the wrong hands it can equally be used to attempt to hack into someone's computer or program!).
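To make the Security by Design item concrete, the following added example (not part of the original text) shows a routine written with an "unsafe" library function next to a rewrite that uses a safer alternative. The page names no specific functions, so the choice of `strcpy()` and `snprintf()`, the `account` record and all function names here are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed record (hypothetical): fixed-size field, then a privilege flag. */
struct account { char name[NAME_LEN]; int is_admin; };

/* Before: strcpy() does not know the destination size, so an input of
 * NAME_LEN bytes or more is written past name[] into adjacent memory. */
void set_name_unsafe(struct account *acct, const char *input)
{
    strcpy(acct->name, input);
}

/* After: compare the length with the destination first and reject
 * oversized input. Returns 0 on success, -1 if it does not fit. */
int set_name_checked(struct account *acct, const char *input)
{
    size_t len = strlen(input);
    if (len >= sizeof acct->name)
        return -1;
    memcpy(acct->name, input, len + 1);   /* + 1 copies the NUL */
    return 0;
}

/* After, formatted output: unlike sprintf(), snprintf() takes the buffer size
 * and returns the length it needed. Returns 0, or -1 if it would not fit. */
int format_greeting(char *out, size_t out_size, const struct account *acct)
{
    int needed = snprintf(out, out_size, "Welcome, %s", acct->name);
    if (needed < 0 || (size_t)needed >= out_size)
        return -1;
    return 0;
}

int main(void)
{
    struct account acct = { "", 0 };
    char line[32];
    /* Constructed inputs: one that fits, one that is too long. */
    printf("short input: %d\n", set_name_checked(&acct, "alice"));
    printf("long input:  %d\n", set_name_checked(&acct, "aaaaaaaaaaaaaaaaaaaaaaaa"));
    if (format_greeting(line, sizeof line, &acct) == 0)
        puts(line);
    return 0;
}
```

The checked version rejects oversized input rather than truncating it, so the caller always learns that the data did not fit.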