Research essay
Question
CIA is the underlying concept of providing uninterrupted, continuous and reliable access to information resources. Critically examine the CIA concept identifying the strengths and weaknesses of it and compare and contrast it against other similar models.
Details
Word limit is 2,500 (± 10%) (includes titles and references but NOT bibliography)
Sage Harvard referencing
***2 models should be compared with the CIA triad, AAA and CIAAN.
Used Solution/ Sample Assignment
CIA CONCEPTS
Introduction
CIA is a security model that was developed to improve security policies within an organization. It has three key elements, Confidentiality, Integrity and Availability, and is therefore also called the CIA Triad (CIA, 2020). The CIA Triad is very useful for a company's cybersecurity. It helps a company secure its private and important data from unauthorized access and helps minimize data breaches. However, CIA is not able to properly secure users' private data from various types of unauthorized access. There are also two separate models, known as the AAA Model and the CIAAN Model. The AAA Model stands for Authentication, Authorization and Accounting. It is a security framework used to protect the user when accessing a private authorized network (Microsoft, 2020). The CIAAN Model, on the other hand, stands for Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation. IT professionals also use threat modeling to identify the vulnerabilities and threats in a website or system (Udel, 2020). The primary goal of threat modeling is to identify a threat and resolve it. The Microsoft threat modeling tool is a very popular tool for this purpose. The main aim of this essay is to highlight the key concepts and features of data security management for large networks. Availability, accessibility, confidentiality and authorization are some of the main elements of cybersecurity discussed in the main body. The essay also includes a section that compares and contrasts the CIA triad with the AAA and Parkerian Hexad models.
Main Body
Examination of the CIA concepts
CIA stands for information security based on Confidentiality, Integrity and Availability, and it can be used to evaluate the security of an organization. Together, these three principles form the foundation of any organization's security infrastructure. It is a type of security model and is used to guide the country by providing various security policies related to information (Rademaker, 2016). Countermeasures used to ensure availability include hardware fault tolerance, redundancy (covering services, networks and applications), system upgrades, denial-of-service protection solutions and software updates. Confidentiality can be maintained by countermeasures such as authentication mechanisms, data labeling and classification, strong access control and data encryption. Countermeasures that can protect data integrity include digital signatures, intrusion detection systems, digital certificates, hashing, data encryption, version control and auditing. The model emphasizes:
Confidentiality: This is the commitment that information technology and data can be accessed only by authorized people. User IDs and passwords, together with policy-based security and access control lists, are a few of the effective methods for attaining confidentiality. It is considered more important than the other goals because the value of information depends on limiting access to it (Forcepoint, 2020). For example, confidentiality is essential when a company holds proprietary information.
Integrity: This ensures that information and data are trustworthy. It also covers the editing process, which is carried out by authorized people, followed by the application of data encryption algorithms, which are the main procedure in several integrity standards. Integrity also gives assurance that data is correct and reliable. Integrity measures provide assurance of the completeness and accuracy of all data. Protection covers both stored data and data that is transmitted, such as email. Effective integrity measures should also protect against unintentional alteration, such as user errors or data loss resulting from system malfunction (CIA, 2020). Countermeasures such as rigorous authentication and access control help block unauthorized users so that unauthorized changes cannot be made.
Availability: This concerns keeping information and data accessible, which depends on software repairs and upgrades, network optimization and hardware maintenance. It also allows authorized users to easily reach the resources and systems they require. Availability measures protect uninterrupted and timely access to the system (Microsoft, 2020). The main threats to availability are generally non-malicious and include network bandwidth problems, unscheduled software downtime and hardware failures.
Strengths and weaknesses
CIA's strengths in cybersecurity include several privacy measures: confidentiality gives assurance that sensitive information is prevented from reaching the wrong people. CIA restricts access to information so that only authorized users can view the data in question. This model is commonly used in all sectors of data and information management. Data is categorized according to the damage that could be caused and the chance of it being accessed by an unwanted person or group. More rigorous measures are required for the stricter categories, so that the confidentiality of data is safeguarded by giving special and proper training to the people who handle such documents. Certain security risks can be identified during training, and these risks can threaten particular information. Training is therefore beneficial for familiarizing authorized people with the various risk conditions (Buckbee, 2020). These aspects are connected with password-related practices and strong passwords, which help prevent users from bending data-handling rules, even with good intentions. Some examples include biometric verification, security tokens and data encryption methods.
Strengths
Integrity's strengths include maintaining the accuracy and consistency of data throughout its life cycle. Data must not be altered, and steps are needed to make sure it cannot be changed by unauthorized people, for example during a data breach (Rademaker, 2016). Controls on user access to the data are one of the measures to consider. The data can be protected with cryptographic checks and checksums. If any data is affected or damaged, redundancy and backups are necessary to restore it.
Availability depends on maintaining the hardware and carrying out the repairs needed to keep operations functioning. It also involves keeping up with required system upgrades and then dealing with bottlenecks. RAID, failover and redundancy are considered essential for mitigating the consequences that usually follow hardware issues (Udel, 2020). To safeguard against interruptions and data loss, the emphasis should be on a backup copy, which may need to be stored in a geographically isolated location. Additional security equipment such as proxy servers and firewalls can protect against downtime and unreachable data caused by malicious actions such as network intrusions and denial-of-service attacks.
Large amounts of data pose several challenges for the CIA paradigm because of the heavy volume of information that requires proper protection (Rouse, 2020). Duplicated clusters of data can be found, for which specific measures need to be taken. In addition, disaster recovery plans have to handle the duplicate data sets. The foremost concern with large data is arranging different kinds of information by interpreting and handling the necessary data carrying over the whistleblower. Privacy in the Internet of Things is regarded as essential for safeguarding each person's information so that it is not exposed to the entire world. A unique identifier, combined with the ability to communicate from an endpoint, can also cause privacy issues (Rouse, 2020). Security is a further challenge in IoT, because it mainly consists of internet-connected computers that are often unpatched and configured with weak or default passwords.
IoT relates to internet services and the internet-enabled devices that use them, which can act as different attack vectors or as part of a bot (Andersson, You and Palmieri, 2018). The concept has been demonstrated by researchers on a network reached through Wi-Fi.
Weaknesses
The weaknesses of the CIA are tied to the information itself, and the main factor is the security measures needed to handle IT security. Availability helps ensure that important and essential information is provided on demand. It also ensures that access to resources does not drop off (Forcepoint, 2020). However, it cannot prevent the unauthorized use of hardware resources: anyone can use the hardware resources for illegal work. It is therefore very important to implement good security policies in the organization to stop data and resource breaches. Proper planning and an understanding of the principles are also essential. Moreover, the limitations of the firm's existing security policy need to be reduced.
Compare and Contrast between CIA, AAA and Parkerian Hexad
The computer security model is the other model of CIA. Various security policies can be identified and enforced with this model. It also focuses on access rights.
Comparison
CIA Model:
This model can provide access to the authority whenever the data needs to be accessed. It also provides confidentiality for sensitive information. In the CIA model, when data is in transit from one place to another and there is a possibility of data piracy, the sender can encrypt the data to protect it against any third party (Díaz Redondo et al. 2020). Through its integrity policy, the CIA model is designed to protect sensitive and private data from unauthorized modification.
Parkerian Hexad Model:
The Parkerian Hexad security model can provide access to the authority whenever they need it. This model also provides confidentiality for information and ensures that only the real authority can decrypt the data with the exact decryption key (Rouse, 2020). The model is designed with integrity that protects data from unauthorized modification and ensures the accuracy of the data.
AAA:
The AAA security model has no facility for the availability of authorization to access data at any particular time. AAA does not provide confidentiality of data and does not focus on cryptography. The AAA model also has no facility for data integrity (Forcepoint, 2020). With the help of authentication, the AAA security model can verify the origin and integrity of a document. The system can verify the original user before the account is accessed.
Contrast
The CIA and Parkerian Hexad models provide Confidentiality, Availability and Integrity, but the AAA model does not address these attributes. The Parkerian Hexad model can protect a network from cyber attackers who want to steal data from it, which the other two models cannot do. The Parkerian model also addresses the utility of the data management system and can cover the whole cryptography process for the user, which again the other two models cannot do. The AAA model's accounting service enables the authority to monitor the point at which resources are accessed, the person accessing the data and the time of access, which the Parkerian Hexad and CIA models cannot do (Slade, 2017). The AAA model authorizes the user and then provides access to the particular services determined by the authority and the administrator. The CIA and Parkerian models, on the other hand, lag behind on this feature.
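The three AAA steps contrasted above (authenticate the user, authorize the requested service, account for who accessed what and when) can be shown in a few lines. This is an added example, not part of the original essay; the user names, passwords, roles and service names are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash so stored credentials are not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "role": role}

# Constructed sample data (hypothetical users, roles and services).
USERS = {
    "alice": _make_user("correct horse battery", "admin"),
    "bob": _make_user("staple-42", "staff"),
}
POLICY = {"admin": {"payroll", "wiki"}, "staff": {"wiki"}}
ACCOUNTING_LOG: list[dict] = []

def authenticate(user: str, password: str) -> bool:
    """Authentication: is the caller who they claim to be?"""
    rec = USERS.get(user)
    if rec is None:
        _derive(password, b"\x00" * 16)  # same work for unknown users
        return False
    return hmac.compare_digest(_derive(password, rec["salt"]), rec["hash"])

def authorize(user: str, service: str) -> bool:
    """Authorization: may this user's role use this service?"""
    return service in POLICY.get(USERS[user]["role"], set())

def request_access(user: str, password: str, service: str) -> str:
    """Run all three AAA steps; every attempt is recorded, not only successes."""
    if not authenticate(user, password):
        outcome = "auth_failed"
    elif not authorize(user, service):
        outcome = "denied"
    else:
        outcome = "granted"
    # Accounting: who, which resource, when, and with what result.
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "service": service,
        "outcome": outcome,
    })
    return outcome

def attempts_by(user: str) -> list[dict]:
    """Accounting query: the access history for one user."""
    return [e for e in ACCOUNTING_LOG if e["user"] == user]
```

The accounting log records failed and denied attempts as well as granted ones, which is what makes it useful for later review.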
The Best Security Model
It is the age of digital business and information transactions. In this digital era, businesses are digitizing their information, which increases the chance of data hacking. CIA may be the best option for information security because:
This triad guides an organization in implementing its overall data and information security policies. The CIA triad can provide an industry-standard cybersecurity framework, focusing on integrity. This security control or safeguard provides three types of protection: confidentiality, integrity and availability (Rademaker, 2016). The CIA triad provides a holistic security plan so that the sensitive assets and information of the industry can be protected. The CIA triad can properly ensure cybersecurity through its components: confidentiality, integrity and availability. These are the reasons why the CIA is recognised as the best information security model.
Conclusion
It can be concluded from the above that the CIA model is very important and helpful for protecting cybersecurity standards. The model is also very useful for understanding security standards effectively. Availability, integrity and confidentiality help to hide and protect important information and data from hackers. The CIA triad is mainly focused on encryption and cryptography methods. It is used to make sure that data is transferred safely from one system to another. A security attack is a type of theft of a user's data from an information system such as a website. Hackers use phishing to steal data from users unethically. Integrity is mainly used to maintain the completeness and accuracy of data. It also helps to protect data from unethical hackers: the data cannot be changed without proper authorization. The main findings were that the CIA model is an older model and has been commonly used in all sectors. A modified version of CIA is provided by the Parkerian Hexad, which is considered a better security measure than the CIA. In addition, the AAA model is also considered a more efficient cybersecurity framework than the CIA. The core elements of CIA nevertheless have to be considered within the frameworks of the AAA and the Parkerian Hexad, namely Availability of the data at the time it is required, with proper authorization. This is why the CIA is the best model in the field of data security models.
References
Andersson, K., You, I. and Palmieri, F., 2018. Security and Privacy for Smart, Connected, and Mobile IoT Devices and Platforms. Security and Communication Networks, 2018, pp.1-2.
Brook C (2020) What is Data Integrity? Definition, Best Practices & More. Digital Guardian, Available from: https://digitalguardian.com/blog/what-data-integrity-data-protection-101 (accessed 19 October 2020).
Buckbee M (2020) What is the CIA Triad?. Inside Out Security, Available from: https://www.varonis.com/blog/cia-triad/ (accessed 19 October 2020).
Cryptomathic (2020) What is non-repudiation?. Cryptomathic.com, Available from: https://www.cryptomathic.com/products/authentication-signing/digital-signatures-faqs/what-is-non-repudiation (accessed 19 October 2020).
Etutorials (2020) The Cisco AAA Model :: Chapter 3: Cisco AAA Security Technology :: Part II: Securing the Network Perimeter :: CCSP Cisco Certified Security Professional Certification :: Networking :: eTutorials.org. Etutorials.org, Available from: http://etutorials.org/Networking/Cisco+Certified+Security+Professional+Certification/Part+II+Securing+the+Network+Perimeter/Chapter+3+Cisco+AAA+Security+Technology/The+Cisco+AAA+Model/ (accessed 19 October 2020).
Forcepoint (2020) What is the CIA Triad?. Forcepoint, Available from: https://www.forcepoint.com/cyber-edu/cia-triad (accessed 19 October 2020).
Leonardo G (2011) Security Models: CIA and CIAAN. Securopia, Available from: https://securopia.wordpress.com/2011/08/25/security-models-cia-and-ciaan/ (accessed 19 October 2020).
Microsoft (2020) Microsoft Security Development Lifecycle Threat Modelling. Microsoft.com, Available from: https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling (accessed 19 October 2020).
R. Patil H and Lush J (2020) The Why, What and How of Cybersecurity for Accountants – CPA Trendlines. CPA Trendlines, Available from: https://cpatrendlines.com/2018/11/28/the-why-what-and-how-of-cybersecurity-for-accountants/ (accessed 19 October 2020).
Rademaker, M., 2016. Assessing Cyber Security 2015. Information & Security: An International Journal, 34, pp.93-104.
Rouse M (2020) What is the CIA Triad?. WhatIs.com, Available from: https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA (accessed 19 October 2020).
Slade, R., 2017. CIA Triad Versus Parkerian Hexad. [online] (ISC)² Blog. Available at: <https://blog.isc2.org/isc2_blog/2008/12/cia-triad-versus-parkerian-hexad.html> [Accessed 22 October 2020].
Spacey J (2017) What is Data Availability?. Simplicable, Available from: https://simplicable.com/new/data-availability (accessed 19 October 2020).
udel (2020) Managing data confidentiality. Www1.udel.edu, Available from: https://www1.udel.edu/security/data/confidentiality.html (accessed 19 October 2020).