Importance of Security in Today's World Flashcards
List out what the acronym stands for in the CIA triad.
Confidentiality, Integrity and Availability
Summarize the characteristics of the integrity principle in the CIA triad.
Ensuring that information is accurate, complete, and trustworthy
Using digital signatures or other methods to verify the authenticity of information
Using access controls to prevent unauthorized changes to information
Keeping backups of important information to ensure that it can be restored if it is lost or damaged
By providing a suitable example, demonstrate the principle of availability based on the CIA triad.
Example: a company relies heavily on a web-based application to process customer orders and payments. The availability principle would ensure that the application is always accessible to customers and employees who need it to conduct business. Some ways the principle of availability is applied:
Redundancy: To ensure the application is always available, the company might use redundant servers, load balancing, or failover systems.
Monitoring: The company might use monitoring tools to track the performance of the application and its underlying infrastructure.
Maintenance: The company might perform regular maintenance on the application and its underlying infrastructure to keep everything running smoothly.
Disaster recovery: The company might have a disaster recovery plan in place to ensure that the application can be quickly restored in the event of a major outage or disaster.
Differentiate between confidentiality and availability.
Confidentiality refers to the protection of information from unauthorized disclosure. This means ensuring that information is only accessible to authorized parties who have a legitimate need to access it. Confidentiality is typically achieved through the use of encryption, access controls, and other security measures. For example, when you send an email that contains sensitive information, you might encrypt the email so that only the intended recipient can read it.
On the other hand, availability refers to the protection of information from unauthorized denial of access. This means ensuring that information is always accessible to authorized parties when they need it. Availability is typically achieved through redundancy, monitoring, maintenance, and disaster recovery planning. For example, when you access your online banking account, the bank’s systems are designed to ensure that the account is always available and responsive to your requests.
Assess the importance of integrity for web applications with regard to the CIA triad.
Web applications often handle sensitive information, such as personal data, financial information, and confidential business data. If this information is altered or modified in any way, it can result in significant damage to individuals, organizations, and even entire industries. For example, if an attacker were to alter the price of a product on an e-commerce website, this could result in the theft of funds or loss of customer trust.
Integrity ensures that information is accurate, complete, and trustworthy. In the context of web applications, integrity is critical for ensuring that the data transmitted between the user’s browser and the server is not tampered with, altered or modified by unauthorized parties. The principle of integrity can be applied to web applications in the following ways:
Data validation: Web applications should validate all user input data to ensure that it is in the expected format and free of malicious code or characters that could be used to exploit vulnerabilities in the system. This prevents attackers from modifying the data sent to the server or injecting malicious code that could compromise the integrity of the application.
Access controls: Web applications should restrict access to sensitive information to only authorized parties who have a legitimate need to access it. Access controls prevent unauthorized users from modifying or deleting data from the system.
Digital signatures: Web applications can use digital signatures to ensure that data has not been altered during transmission. Digital signatures verify the authenticity of data and provide a mechanism for ensuring that data has not been tampered with.
Design a list of countermeasures for an online learning management system that would apply all three principles of the CIA triad.
Confidentiality:
Encryption: The LMS should use encryption to protect sensitive data, such as student records, test scores, and other personal information, both in transit and at rest.
Access controls: The LMS should implement access controls to ensure that only authorized users have access to sensitive data. This can include requiring strong passwords, multi-factor authentication, and limiting access based on the user’s role and responsibilities.
Auditing: The LMS should keep an audit trail of all user activity to help detect and prevent unauthorized access to sensitive data. This can help administrators quickly identify potential security incidents and take appropriate action.
Integrity:
Data validation: The LMS should validate all user input data to ensure that it is in the expected format and free of malicious code or characters that could be used to exploit vulnerabilities in the system. This prevents attackers from modifying the data sent to the server or injecting malicious code that could compromise the integrity of the application.
Backups: The LMS should implement regular backups to ensure that data can be restored in the event of a security incident or data loss. This helps maintain the integrity of the system and ensures that critical data is not lost.
Change management: The LMS should implement a change management process to ensure that all changes to the system are authorized and properly tested before being implemented. This helps prevent accidental or intentional modifications that could compromise the integrity of the system.
Availability:
Redundancy: The LMS should implement redundancy measures, such as load balancing and failover systems, to ensure that the system is always available to users. This helps prevent downtime or outages if one of the servers fails.
Monitoring: The LMS should use monitoring tools to track the performance of the application and its underlying infrastructure. This could help identify issues before they become major problems, and allow the company to respond quickly to any issues that do arise.
Disaster recovery: The LMS should have a disaster recovery plan in place to ensure that the system can be quickly restored in the event of a major outage or disaster. This could involve backing up data, replicating the application to a secondary site, or using cloud-based services to ensure that data and applications are always available.
Information’s value is derived from its distinct characteristics. Distinguish between all the characteristics of information.
Accuracy: Information must be accurate to be useful. Accurate information provides a reliable basis for decision-making and reduces the risk of errors or mistakes.
Completeness: Information must be complete to provide a comprehensive understanding of a topic or situation. Incomplete information can lead to incorrect conclusions and decisions.
Relevance: Information must be relevant to the task at hand to be useful. Irrelevant information can lead to confusion and distract from the task at hand.
Timeliness: Information must be timely to be useful. Timely information enables timely decisions and actions, while outdated information can be useless or even harmful.
Consistency: Information must be consistent to be reliable. Inconsistent information can lead to confusion and errors in decision-making.
Accessibility: Information must be accessible to be useful. Accessible information can be easily retrieved and used when needed, while inaccessible information can be useless.
Security: Information must be secure to protect it from unauthorized access or modification. Secure information reduces the risk of breaches, data theft, or other malicious activities.