Information Systems Security

1. What are the three components of the C.I.A. triangle? What are they used for?

Confidentiality: Information should only be accessible to its intended recipients.

Integrity: Information should arrive the same as it was sent.

Availability: Information should be available to those authorized to use it..

Conclusion

The CIA triad is a very fundamental concept in security. Often, ensuring that the three facets of the CIA triad is protected is an important step in designing any secure system. However, it has been suggested that the CIA triad is not enough. Alternative models such as the Parkerian hexad (Confidentiality, Possession or Control, Integrity, Authenticity, Availability and Utility) have been proposed. Other factors besides the three facets of the CIA triad are also very important in certain scenarios, such as non-repudiation. There have been debates over the pros and cons of such alternative models, but it is a discussion for another time.

2. If the C.I.A. triangle is incomplete, why is it so commonly used in security?

The CIA triangle is still used because it addresses the major concerns with the vulnerability of information systems.

3. Describe the critical characteristics of information. How are they used in the study of computer security?

Availability: Authorized users can access the information

Accuracy: free from errors

- if info has been intentionally or unintentionally modified it is no longer accurate

Authenticity: quality or state of being genuine or original, rather than reproduced or fabricated

Confidentiality: preventing disclosure to unauthorized individuals.

Integrity: whole and uncorrupted, integrity of the info is threatened when the info is exposed to corruption, damage, destruction or other of its authentic state.

Utility: has a value for some purpose.

Possession: Ownership

4. Identify the five components of an information system. Which are most directly affected by the study of computer security? Which are most...