Fundamental Concepts of Information System Security
Added on 2023/01/12
AI Summary
This essay discusses the fundamental concepts of information system security and various measures for mitigating threats. It explores the importance of confidentiality, integrity, and availability in ensuring information security. The essay also covers tools for information security, challenges for the CIA triad, and the benefits of implementing the CIA security model. Role-based security models and the role of authentication and access control are also discussed.
Running head: PICT848 APPLIED CYBER SECURITY
Pict848 Applied Cyber Security
Name of the Student
Name of the University
Author Note:
Introduction
Computers and related systems have become an important part of business and
commerce. Over time, they have become a major target for attackers1. If
individuals are to use a system with confidence, they need assurance that the
devices have not been compromised in any way. All communication with the devices
also needs to be secured2.
This essay presents the fundamental concepts of information system security
along with various measures for mitigating threats. It analyses how an
organization can stay secure and discusses measures by which an organization can
improve its security.
Discussion
Information Security Triad
Confidentiality
When protecting information, the user needs to restrict access to those
individuals who are required to view it. Everyone else is disallowed from
learning anything about its content3. This is the essence of confidentiality,
as in the federal laws that require access to be restricted at universities.
1 Sumra, Irshad Ahmed, Halabi Bin Hasbullah, and Jamalul-lail Bin AbManan. "Attacks on security goals
(confidentiality, integrity, availability) in VANET: a survey." In Vehicular Ad-Hoc Networks for Smart Cities, pp.
51-61. Springer, Singapore, 2015.
2 Treacy, Ceara, and Fergal McCaffery. "Data security overview for medical mobile apps assuring the
confidentiality, integrity and availability of data in transmission." (2017).
Integrity
Integrity is the assurance that the information being accessed has not been
altered and represents what is intended. Information integrity means that the
information conveys its intended meaning. Information can lose its integrity
through malicious intent, such as when a person who is not authorized to make a
change does so intentionally4.
Availability
Availability of information is a part of the CIA triad. Availability means that
the information can be accessed and modified by any authorized person5.
Depending on the kind of information, an appropriate timeframe can mean
different things. Both data and information systems are made available as
needed6.
Tools for Information Security
3 Gaetani, Edoardo, Leonardo Aniello, Roberto Baldoni, Federico Lombardi, Andrea Margheri, and Vladimiro
Sassone. "Blockchain-based database to ensure data integrity in cloud computing environments." (2017).
4 Fernandez, Alberto, and Karwe Markus Alexander. "Data Privacy and Confidentiality." iURBAN: Intelligent
Urban Energy Tool (2016): 35.
5 Renu, S., and SH Krishna Veni. "An Enhanced CIA tree Using String Matching Algorithm." International Journal
of Applied Engineering Research 12, no. 16 (2017): 6123-6126.
6 Sumathi, A., and B. Vinayaga Sundaram. "An ANN approach in ensuring CIA triangle using an energy based
secured protocol E-AODV for enhancing the performance in MANETS." Indian Journal of Science and Technology
8, no. 34 (2015): 1-10.
To assure the confidentiality, availability, and integrity of information, an
organization needs to make use of a number of tools. Each of these tools can be
used as part of an information security policy.
Authentication
Authentication is achieved by identifying people through one or more factors:
something they know, something they have, and something they are. The best way
of achieving authentication is a user ID and password7.
A stronger form of authentication available at present is multi-factor
authentication, which is achieved by combining two or more factors. This makes
it difficult for an individual to misrepresent themselves. To log in to
information resources using an RSA device, an individual needs to combine their
login with a four-digit code generated by that device8. The most suitable way of
authenticating is therefore by means of the code and the RSA device.
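The two-factor check described above, as an added example that is not part of the original essay: a password (something known) is combined with a short code from a token (something held). It uses the open TOTP/HOTP algorithms (RFC 6238 / RFC 4226) as a stand-in, because the essay does not describe the RSA device's own algorithm; the record layout, function names and work factor are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 200_000  # assumption: work factor chosen for this example


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, int(at) // step, digits)


def enroll(password: str, token_secret: bytes) -> dict:
    """Create the server-side record; the password is stored only as a salted hash."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "token_secret": token_secret,
        "last_counter": -1,  # highest time step already used for a login
    }


def verify_login(record: dict, password: str, code: str, at: float,
                 step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Succeed only if BOTH factors check out; a used code cannot be replayed."""
    # Factor 1: something the user knows.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    knows = hmac.compare_digest(candidate, record["pw_hash"])

    # Factor 2: something the user has. Accept +/- `window` steps of clock
    # drift, but never a step at or before the last one that was accepted.
    now = int(at) // step
    matched = None
    for counter in range(now - window, now + window + 1):
        if counter <= record["last_counter"]:
            continue
        expected = hotp(record["token_secret"], counter, digits)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = counter

    if knows and matched is not None:
        record["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"            # constructed sample: RFC test secret
    user = enroll("correct horse", secret)       # constructed sample password
    code = totp(secret, at=59)
    print("first login :", verify_login(user, "correct horse", code, at=59))
    print("replayed    :", verify_login(user, "correct horse", code, at=59))
    print("4-digit code:", totp(secret, at=59, digits=4))
```

Both factors are evaluated before the result is returned, so a failed login does not reveal which factor was wrong.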
Access Control
As soon as a user has been authenticated, the next step is to ensure that they
can access only the information resources that are appropriate. This is done
through access control. The main task of access control is to determine which
users are authorized to delete and modify information9.
7 Friberg von Sydow, Rikard. "Medical Records-The Different Data Carriers Used in Sweden from the End of the
19th Century Until Today and Their Impact on Confidentiality, Integrity and Availability." (2017): 41-60.
8 Boudguiga, Aymen, Nabil Bouzerna, Louis Granboulan, Alexis Olivereau, Flavien Quesnel, Anthony Roger, and
Renaud Sirdey. "Towards better availability and accountability for iot updates by means of a blockchain." In 2017
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 50-58. IEEE, 2017.
For each information resource that an organization manages, a list of users who
may take particular actions is maintained. This is known as an access control
list, or ACL. For each user, there are a number of capabilities, such as
reading, deleting, and adding10.
Encryption
In many cases, an organization needs to transmit information over the internet,
or transfer it to external media such as flash drives or even CDs. In these
cases, even with access and authentication controls, it is possible for an
unauthorized person to gain access to the data11.
Challenges for CIA
With the development of technology, new kinds of challenges arise for the CIA
triad, such as:
Internet of things (IoT): The adoption of the many things coming into the
industry poses new kinds of challenges. The first is the overall security of IoT
devices, as various ways of breaking into them have been discovered12.
9 Dorri, Ali, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram. "Blockchain for IoT security and privacy: The
case study of a smart home." In 2017 IEEE International Conference on Pervasive Computing and Communications
Workshops (PerCom Workshops), pp. 618-623. IEEE, 2017.
10 Alexeev, Alexander, Diane S. Henshel, Karl Levitt, Patrick McDaniel, Brian Rivera, Steven Templeton, and Mike
Weisman. "Constructing a science of cyber-resilience for military systems." In NATO IST-153 Workshop on Cyber
Resilience, pp. 23-25. 2017.
11 Monteuuis, Jean-Philippe, Jonathan Petit, Jun Zhang, Houda Labiod, Stefano Mafrica, and Alain Servel.
"Attacker model for Connected and Automated Vehicles." (2018).
Big Data: Data comes in various flavors and forms13. This is why classification
of the data, and of the access control around it, is so important.
Benefits of CIA
The CIA security triangle is an important security concept. It is applied to
controls, mechanisms, and safeguards. All risks, threats, and vulnerabilities
are measured by their capability to compromise the principles of the CIA
triad14.
Role-based Security Model
A role-based security model is a principle that developers use to create systems
which limit access or restrict operations. It is often termed role-based access
control, and is used by businesses and organizations that apply this
principle15. It is
12 Liu, Bin, Xiao Liang Yu, Shiping Chen, Xiwei Xu, and Liming Zhu. "Blockchain based data integrity service
framework for IoT data." In 2017 IEEE International Conference on Web Services (ICWS), pp. 468-475. IEEE,
2017.
13 Boudguiga, Aymen, Nabil Bouzerna, Louis Granboulan, Alexis Olivereau, Flavien Quesnel, Anthony Roger, and
Renaud Sirdey. "Towards better availability and accountability for iot updates by means of a blockchain." In 2017
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 50-58. IEEE, 2017.
14 Dorri, Ali, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram. "Blockchain for IoT security and privacy:
The case study of a smart home." In 2017 IEEE International Conference on Pervasive Computing and
Communications Workshops (PerCom Workshops), pp. 618-623. IEEE, 2017.
15 Alexeev, Alexander, Diane S. Henshel, Karl Levitt, Patrick McDaniel, Brian Rivera, Steven Templeton, and Mike
Weisman. "Constructing a science of cyber-resilience for military systems." In NATO IST-153 Workshop on Cyber
Resilience, pp. 23-25. 2017.
mainly used to ensure that a user does not have easy access to information in
the given IT infrastructure.
Object-oriented programming requires roles to be treated as objects in relation
to the given modules and functions. Any role-based security system depends on
the ability of the code to exercise control16. The user mainly needs to be
assigned a role and given guidance regarding unauthorized use.
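The access control list and the role-based model described above, side by side, as an added example that is not part of the original essay: an ACL lists users and their capabilities per resource, while roles are objects that carry permissions and are assigned to users. The resource, user and role names are constructed for illustration, and combining both mechanisms in one default-deny check is an assumption of this sketch.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Capabilities named in the text (read, add, modify, delete).
ACTIONS = frozenset({"read", "add", "modify", "delete"})


@dataclass
class Resource:
    """An information resource with its own access control list (ACL)."""
    name: str
    acl: dict[str, set[str]] = field(default_factory=dict)  # user -> actions


@dataclass
class RolePolicy:
    """Role-based model: permissions hang off roles, users are given roles."""
    role_permissions: dict[str, dict[str, set[str]]] = field(default_factory=dict)
    user_roles: dict[str, set[str]] = field(default_factory=dict)

    def allows(self, user: str, resource_name: str, action: str) -> bool:
        return any(
            action in self.role_permissions.get(role, {}).get(resource_name, set())
            for role in self.user_roles.get(user, set())
        )


def authorize(user: str | None, action: str, resource: Resource,
              policy: RolePolicy) -> bool:
    """Default deny: access is granted only by an explicit ACL entry or role."""
    if user is None or action not in ACTIONS:   # unauthenticated or unknown action
        return False
    if action in resource.acl.get(user, set()):
        return True
    return policy.allows(user, resource.name, action)


def who_can(action: str, resource: Resource, policy: RolePolicy) -> list[str]:
    """Audit helper: every known user currently able to perform `action`."""
    users = set(resource.acl) | set(policy.user_roles)
    return sorted(u for u in users if authorize(u, action, resource, policy))


def build_sample() -> tuple[Resource, RolePolicy]:
    """Constructed sample data: one resource, four users, two roles."""
    payroll = Resource("payroll", acl={"alice": {"read", "add"}, "bob": {"read"}})
    policy = RolePolicy(
        role_permissions={
            "hr_admin": {"payroll": {"read", "add", "modify", "delete"}},
            "auditor": {"payroll": {"read"}},
        },
        user_roles={"carol": {"hr_admin"}, "dave": {"auditor"}},
    )
    return payroll, policy


if __name__ == "__main__":
    payroll, policy = build_sample()
    print("bob delete   :", authorize("bob", "delete", payroll, policy))
    print("carol delete :", authorize("carol", "delete", payroll, policy))
    print("can delete   :", who_can("delete", payroll, policy))
    # Removing one role assignment withdraws every permission it carried.
    policy.user_roles["carol"].discard("hr_admin")
    print("after revoke :", who_can("delete", payroll, policy))
```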
Conclusion
From the essay above, it can be noted that CIA stands for confidentiality,
integrity, and availability, which is a well-known security model. It is
required for creating information security policies within an organization. The
three elements of the CIA model, confidentiality, integrity, and availability,
are considered important aspects of security. The CIA security triangle is a
security concept needed for providing security controls, mechanisms, and
safeguards. It can be implemented to provide one or more kinds of protection.
16 Monteuuis, Jean-Philippe, Jonathan Petit, Jun Zhang, Houda Labiod, Stefano Mafrica, and Alain Servel.
"Attacker model for Connected and Automated Vehicles." (2018).
References
Alexeev, Alexander, Diane S. Henshel, Karl Levitt, Patrick McDaniel, Brian Rivera, Steven
Templeton, and Mike Weisman. "Constructing a science of cyber-resilience for military
systems." In NATO IST-153 Workshop on Cyber Resilience, pp. 23-25. 2017.
Boudguiga, Aymen, Nabil Bouzerna, Louis Granboulan, Alexis Olivereau, Flavien Quesnel,
Anthony Roger, and Renaud Sirdey. "Towards better availability and accountability for iot
updates by means of a blockchain." In 2017 IEEE European Symposium on Security and Privacy
Workshops (EuroS&PW), pp. 50-58. IEEE, 2017.
Dorri, Ali, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram. "Blockchain for IoT security
and privacy: The case study of a smart home." In 2017 IEEE International Conference on
Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 618-623.
IEEE, 2017.
Fernandez, Alberto, and Karwe Markus Alexander. "Data Privacy and Confidentiality."
iURBAN: Intelligent Urban Energy Tool (2016): 35.
Friberg von Sydow, Rikard. "Medical Records-The Different Data Carriers Used in Sweden
from the End of the 19th Century Until Today and Their Impact on Confidentiality, Integrity and
Availability." (2017): 41-60.
Gaetani, Edoardo, Leonardo Aniello, Roberto Baldoni, Federico Lombardi, Andrea Margheri,
and Vladimiro Sassone. "Blockchain-based database to ensure data integrity in cloud computing
environments." (2017).
Liu, Bin, Xiao Liang Yu, Shiping Chen, Xiwei Xu, and Liming Zhu. "Blockchain based data
integrity service framework for IoT data." In 2017 IEEE International Conference on Web
Services (ICWS), pp. 468-475. IEEE, 2017.
Monteuuis, Jean-Philippe, Jonathan Petit, Jun Zhang, Houda Labiod, Stefano Mafrica, and Alain
Servel. "Attacker model for Connected and Automated Vehicles." (2018).
Renu, S., and SH Krishna Veni. "An Enhanced CIA tree Using String Matching Algorithm."
International Journal of Applied Engineering Research 12, no. 16 (2017): 6123-6126.
Sumathi, A., and B. Vinayaga Sundaram. "An ANN approach in ensuring CIA triangle using an
energy based secured protocol E-AODV for enhancing the performance in MANETS." Indian
Journal of Science and Technology 8, no. 34 (2015): 1-10.
Sumra, Irshad Ahmed, Halabi Bin Hasbullah, and Jamalul-lail Bin AbManan. "Attacks on
security goals (confidentiality, integrity, availability) in VANET: a survey." In
Vehicular Ad-Hoc Networks for Smart Cities, pp. 51-61. Springer, Singapore, 2015.
Treacy, Ceara, and Fergal McCaffery. "Data security overview for medical mobile apps assuring
the confidentiality, integrity and availability of data in transmission." (2017).