PICT311 Cyber Security Essay: CIA Triad vs. Other Security Models
Added on 2022/12/29
AI Summary
This essay critically examines the CIA triad, a fundamental concept in cyber security, focusing on its role in providing uninterrupted and reliable access to information resources. The essay begins by defining the CIA triad's components: confidentiality, integrity, and availability, and then delves into their respective strengths and weaknesses in the context of modern cyber threats. It explores how confidentiality protects sensitive information, integrity ensures data accuracy, and availability guarantees authorized access. The essay also analyzes the limitations of the CIA triad, particularly in the face of big data and the Internet of Things. Furthermore, the essay compares and contrasts the CIA triad with other information security models, specifically the Parkerian Hexad, highlighting the differences in their approaches to information security. The Parkerian Hexad expands upon the CIA triad by adding elements such as possession/control, authenticity, and utility, providing a more comprehensive framework for assessing information security. By comparing these models, the essay aims to provide a comprehensive understanding of information security principles and their application in real-world scenarios.

Cyber Security in Practice 1
CYBER SECURITY IN PRACTICE
by [Name]
Professor’s Name
Course Title
Course Code
State/City
Date
Analysis of the Confidentiality, Integrity and Availability (CIA) Strengths and Weaknesses
Introduction
Information security refers to any set of techniques that an individual or an organisation
deploys to make sure that its valued information remains accessible and secure. To prepare
information security measures, a firm should first undertake a risk analysis (Duncan and
Whittington, 2016). Risk analysis is defined as the coupling of a threat with a
susceptibility. It helps to identify the information that is most critical to defend,
identify probable risks, and determine how those risks could manifest. Preparing measures to
minimise that risk is a major concern of information security (Kubbo, Jayabalan, and Rana,
2016, p.113). This paper discusses the CIA triad by identifying its strengths and weaknesses.
Additionally, it compares and contrasts the CIA triad with similar models such as the
Parkerian Hexad and the Five Pillars of Information Assurance.
Confidentiality, Integrity and Availability (CIA)
Confidentiality, integrity and availability are together referred to as the CIA triad. The
model is designed to guide the rules for information security in an organisation. Its three
components are regarded as the most critical elements of security. Confidentiality refers to
a set of rules that restrict access to information. Integrity is the assurance that
information is correct and trustworthy (Azadi, Zare, and Zare, 2018, p.745). Availability is
the guarantee of dependable access to information by authorised individuals.
Confidentiality
In general, confidentiality is roughly equivalent to concealment: it covers the measures
taken to prevent sensitive information from getting into the wrong hands. At the same time,
these measures ensure that only the right individuals gain access to the information. Access
is restricted to those authorised to see the data in question. Data is therefore classified
based on the type of harm that could be done should it fall into unintended hands, and on the
amount of data (Dayanandam, Rao, Babu, and Durga, 2019, p.3). Consequently, more or less
stringent measures are implemented based on these categories. Examples of approaches used to
guarantee confidentiality include data encryption, passwords, and user
IDs used as standard procedure. Additionally, two-factor authentication is becoming the norm.
Other confidentiality approaches include security tokens, biometric authentication, soft
tokens and key fobs. Users also take precautions by minimising the number of places where the
information appears and the number of times it is transmitted to complete a given transaction
(Imrie and Bednar, 2018, p.46). Where additional confidentiality measures are called for, as
with highly sensitive documents, precautions such as storing data on disconnected storage
devices or on air-gapped computers are used.
Integrity
Integrity entails maintaining the accuracy, dependability and fidelity of data throughout its
lifecycle. Data is not supposed to be changed in transit, so integrity measures ensure that
unauthorised persons cannot alter it. As a result, integrity supports the authenticity of
information by ensuring that it is not interfered with between its source and its
destination. Measures that protect data and information integrity include user access
controls and file permissions. Erroneous changes and unintentional deletion by legitimate
users are prevented by version control (Singh and Kaushik, 2016, p.303). In addition, means
have been put in place to detect modifications to data caused by non-human events such as a
severe crash or an electromagnetic pulse. For this purpose, certain pieces of data carry
checksums, including cryptographic checksums, for integrity verification. Backups are also
kept to restore affected data to its correct state (Curran et al., 2019).
Availability
Availability refers to access to information by only legitimate users. If an attacker is
unable to compromise the confidentiality or integrity of information, they are likely to
attempt attacks such as denial of service, which can bring down a server and make a website
unavailable to legitimate users. Availability is best ensured by rigorously maintaining all
hardware, carrying out hardware repairs immediately when the need arises, and maintaining a
properly functioning operating system environment that is free of software conflicts
(Mohsin et al., 2019, p.192). Providing sufficient communication bandwidth and preventing
bottlenecks are also greatly important. Severe consequences are
mitigated through failover, high-availability clusters, RAID, and redundancy when hardware
issues occur. For the worst case, fast and adaptive disaster recovery is crucial.
Availability safeguards also protect against data loss and interruptions caused by
unpredictable events such as fire and natural disaster. To prevent data loss from such
events, a backup copy is always stored at a physically isolated site, far away and in a
waterproof and fireproof safe location (Singh and Pandey, 2019, p.84). To guard against
downtime and unreachable data caused by malicious activity such as network intrusions and
denial-of-service (DoS) attacks, additional security equipment such as proxy servers and
firewalls is employed.
Strengths of CIA Triad
The fundamental strength of the CIA triad is that it conveys the general objectives of
information security to business professionals and IT staff in a streamlined manner. From a
security point of view, the three components of the CIA triad cover an extensive range of
actions for safeguarding information in organisations of all sizes (Reimsbach, Hahn, and
Gürtürk, 2018, p.560). Viewing information security incidents from the perspective of the CIA
model gives a better appreciation of both defensive and offensive methods. For instance, some
of the basic techniques commonly used by attackers, such as hard drive formatting, network
sniffing and system file modification, can be described in CIA triad terms. Sniffing network
traffic attacks the confidentiality side of the triad, since it permits attackers to see what
they are not supposed to see. Writing modified system files compromises the integrity of the
target system. Formatting a victim's hard drive is an attack on the system's availability.
Weaknesses facing the CIA Triad
Big data poses additional challenges to the CIA security model because of the sheer volume of
information that must be safeguarded, the range of sources it comes from and the range of
formats in which it exists (Rodrigues and Morais, 2019, p.3). Duplicate data sets and
disaster recovery plans increase the already high costs. Moreover, since the major concern of
big data is to collect all sorts of information and draw significant interpretations from it,
responsible data oversight has been found to be lacking (Chang et al., 2016, p.157). On the
other hand, the CIA triad considers Internet of Things privacy, a special consideration
needed to protect individuals' information
from exposure in the Internet of Things (IoT) setting. In an IoT environment, almost any
physical entity can be given a unique identifier and the ability to communicate autonomously
over the Internet. The data conveyed by any single endpoint cannot by itself cause any
physical issues. Nevertheless, when fragmented data from several endpoints is collected and
analysed, it yields sensitive information. IoT security therefore poses special challenges,
because the IoT comprises numerous internet-enabled devices other than computers, which go
unpatched and are in most cases configured with default and weak passwords (Gallo and Dahab,
2015, p.21). Unless they are adequately protected, IoT devices can be used as separate attack
vectors.
The main weakness of the CIA Triad is its sole focus on information. While information is
central to information technology security, the CIA Triad advocates a pipelined view of
security that tends to discount other relevant aspects.
The Parkerian Hexad Model
The three primary components of the CIA Triad, confidentiality, integrity and availability,
have been regarded as the centre of cybersecurity. However, Parker suggested an alternative
to the typical CIA Triad, referred to as the Parkerian Hexad. Parker proposed the model
because he felt the CIA Triad paradigm was not sufficient to describe the totality of what
information security must consider. He therefore added three elements: utility, possession
and authenticity. The additional attributes are non-overlapping, in that each refers to a
unique feature of information. The Parkerian Hexad thus consists of six attributes in total:
confidentiality, integrity, possession/control, authenticity, availability and utility.
Confidentiality: Confidentiality fundamentally concerns the visibility of information: only
the right parties should have access to specific information. Although this looks simple, it
stands as the most challenging aspect. For instance, when visiting a website that handles
sensitive information such as bank information, HTTPS should be used so that the connection
is encrypted and attackers cannot gain access to the information (Chenette, Lewi, Weis, and
Wu, 2016, p.477).
Possession/Control: Research has shown that when attackers want to overload a service, they
look for a large number of devices from which they can perform their attack concurrently. In
most cases attackers use known problems within the systems. Therefore,
even if attackers steal data and do nothing with it, the worry is that they can access the
system any time they want, which causes a loss of possession of the information.
Integrity: In information security, the role of data integrity is to assure and maintain the
accuracy and completeness of data throughout its life cycle. Integrity is concerned with
changes to information and systems: no one is allowed to modify information in an
unauthorised way.
Authenticity: The aspect that hackers concentrate on most in the modern world is
authenticity. Authenticity refers to the accuracy and truth of the source of information. For
instance, a digital signature can be used to verify the user of a digital document.
Therefore, once logged in, the user has to enter a code received through email or SMS.
Authenticity is thus used to ensure that hackers do not take over a user's account with their
password (Li et al., 2018, p.90).
Availability: A fully operational information system is supposed to let legitimate users
access their information. Availability therefore ensures that systems have solid capacity to
process and store information and provide security controls to protect it. In this regard,
the communication channels must also be protected and work correctly (Cherdantseva et al.,
2016, p.4). According to Parker, several distinct key roles are required in a successful
information security team for the CIA Triad to be delivered efficiently.
Utility: Utility is concerned with the usefulness of information systems to the user. The
utility attribute is the only principle of the Parkerian Hexad that is not necessarily binary
in nature; there are various levels of utility depending on the data and its format.
Comparison between CIA Triad Model and the Parkerian Hexad Model
The CIA Triad consists of three basic components, integrity, availability and
confidentiality, whereas the Parkerian Hexad consists of six attributes: the CIA triad
elements and three additional ones, possession/control, utility and authenticity.
The CIA Triad advocates a pipelined security perspective that tends to minimise other
relevant aspects. The Parkerian Hexad, on the other hand, adds attributes to the CIA triad,
in particular the possession element, which is intended to safeguard information against
control or possession by illegitimate groups (Guo et al., 2015, p.2670). In addition, the
authenticity element of the Parkerian Hexad revolves around proof of identity, which is used
to make sure that
information is coming from a legitimate source. The utility attribute focuses on the
usefulness of information: even when information meets the standard for availability,
confidentiality, possession, integrity and authenticity, it must also be in a useful state to
remain of value to the user.
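The checksum-and-backup measures from the Integrity section and the hexad's separate authenticity attribute can be seen side by side in the Python example below, which is added here and is not part of the original essay. The key, record contents and function names are constructed for illustration, and a keyed HMAC stands in for the digital signature the essay mentions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed sample values: the key and record contents are hypothetical.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORIGINAL = b"account=1001;balance=250.00"


@dataclass(frozen=True)
class Record:
    data: bytes
    sha256: str  # unkeyed checksum: anyone can recompute it
    tag: str     # HMAC-SHA256 over data: needs the secret key


def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def mac(data: bytes, key: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(data: bytes, key: bytes) -> Record:
    """Attach both an unkeyed checksum and a keyed tag to the data."""
    return Record(data, checksum(data), mac(data, key))


def integrity_ok(rec: Record) -> bool:
    """CIA-style check: does the data still match its stored checksum?"""
    return hmac.compare_digest(checksum(rec.data), rec.sha256)


def authenticity_ok(rec: Record, key: bytes) -> bool:
    """Hexad-style check: was the data sealed by someone holding the key?"""
    return hmac.compare_digest(mac(rec.data, key), rec.tag)


def flip_bit(data: bytes, index: int, bit: int = 0) -> bytes:
    """Simulate non-human-caused corruption of a single stored bit."""
    buf = bytearray(data)
    buf[index] ^= 1 << bit
    return bytes(buf)


def restore(rec: Record, backup: Record, key: bytes) -> Record:
    """Return rec if it verifies, otherwise the backup if the backup verifies."""
    for candidate in (rec, backup):
        if integrity_ok(candidate) and authenticity_ok(candidate, key):
            return candidate
    raise ValueError("both primary and backup copies fail verification")


def assess(rec: Record, key: bytes) -> dict:
    return {"integrity": integrity_ok(rec),
            "authenticity": authenticity_ok(rec, key)}


def run_scenarios() -> dict:
    good = seal(ORIGINAL, SHARED_KEY)
    backup = seal(ORIGINAL, SHARED_KEY)  # copy kept at an isolated site

    # Scenario 1: accidental corruption. The checksum no longer matches.
    corrupted = replace(good, data=flip_bit(good.data, 5))

    # Scenario 2: a party without the key rewrites the data and recomputes
    # the unkeyed checksum. The checksum matches; only the keyed tag fails.
    altered = b"account=1001;balance=999.00"
    rewritten = replace(good, data=altered, sha256=checksum(altered))

    return {
        "clean": assess(good, SHARED_KEY),
        "bit_flip": assess(corrupted, SHARED_KEY),
        "rewritten": assess(rewritten, SHARED_KEY),
        "restored": restore(corrupted, backup, SHARED_KEY).data,
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:10} {result}")
```

Because both parties hold the same key, an HMAC shows only that a key holder produced the tag; it cannot give non-repudiation, which needs an asymmetric signature.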
Five Pillars of Information Assurance
In an increasingly competitive business world, information is a critical resource that calls
for the utmost protection. Information security is pivotal in managing any enterprise,
ensuring that critical information is not compromised in any manner. It is therefore
important to actively secure an enterprise against malicious attacks, particularly when
information is transmitted across the network. A secure information system should be built on
five key building blocks, and putting these pillars in place is the pivotal part of
establishing any type of information security mechanism. Information assurance (IA) is a
system used to protect against and manage threats associated with the processing, usage,
transmission and storage of data and information systems (Zhang and Gupta, 2018, p.917). The
United States Department of Defense has promulgated the Five Pillars of Information Assurance
model, which comprises non-repudiation, integrity, authenticity, availability and
confidentiality of user data.
Non-Repudiation: This element provides the sender of data with proof of delivery and the
receiver with proof of the sender's identity. This allows both parties to acknowledge sending
and receiving the data.
Integrity: The completeness and accuracy of key information should be protected. Data is not
supposed to be altered during storage or transmission, so integrity ensures that information
systems are not interfered with by unauthorised parties (He, Zeadally, Kumar, and Lee, 2016,
p.2561). The integrity of data can also be enhanced through policies that help users
understand how to use their systems properly.
Authenticity: This is a security measure designed to ensure the validity of a message or
transmission. Authentication prevents impersonation and requires users to confirm their
identities before being permitted to access information systems.
Confidentiality: This is the assurance that information is not revealed to unauthorised
persons or groups. Data that is highly confidential should be encrypted so that third
parties cannot easily decrypt it and only legitimate people can view the information.
Availability: Availability is the means by which legitimate users gain easy and timely
access to information systems. Availability ensures that IT infrastructure and resources remain
fully functional and robust at all times, even during adverse conditions like failovers
(Gilad-Bachrach et al, 2016, p.201). Availability ensures information systems are protected
against threats that block access to information systems, hackers and malicious code.
The difference between the CIA Triad and the Five Pillars of Information Assurance is that the
CIA Triad has three components while the Five Pillars of Information Assurance has two
additional elements, which are authenticity and non-repudiation.
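The two additional pillars can be separated from integrity in a few lines of code. The sketch below is an added example, not part of the original essay; the key, messages and function names are constructed for illustration. It shows that an unkeyed hash gives integrity only, that a keyed MAC adds authenticity, and that a shared-key MAC still cannot give non-repudiation, which requires an asymmetric signature that only the sender can produce.

```python
import hashlib
import hmac

# Constructed sample data; the key and messages are illustrative only.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"pay 100 to account 12345"
TAMPERED = b"pay 900 to account 99999"


def digest(message: bytes) -> str:
    """Unkeyed SHA-256: detects change only if the digest itself is trusted."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(digest(message), claimed)


def verify_tag(key: bytes, message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(tag(key, message), claimed)


def pillar_report() -> dict:
    # Integrity: a digest kept out of the attacker's reach exposes tampering.
    integrity = not verify_digest(TAMPERED, digest(ORIGINAL))
    # No authenticity from a bare hash: whoever alters the message in transit
    # can recompute the digest, and the receiver's check still passes.
    hash_forgeable = verify_digest(TAMPERED, digest(TAMPERED))
    # Authenticity: a tag made without the shared key is rejected.
    forged = tag(b"attacker-guess", TAMPERED)
    authenticity = not verify_tag(SHARED_KEY, TAMPERED, forged)
    # No non-repudiation: the receiver holds the same key, so it can mint a
    # valid tag itself and a third party cannot tell who wrote the message.
    receiver_made = tag(SHARED_KEY, TAMPERED)
    repudiable = verify_tag(SHARED_KEY, TAMPERED, receiver_made)
    return {
        "hash_detects_tampering": integrity,
        "hash_forgeable_in_transit": hash_forgeable,
        "hmac_rejects_outsider": authenticity,
        "hmac_sender_can_repudiate": repudiable,
    }


if __name__ == "__main__":
    for claim, holds in pillar_report().items():
        print(f"{claim}: {holds}")
```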
In conclusion, the CIA Triad has managed to become a very vital security idea. Ensuring that
the three components of the CIA Triad are addressed is the basis of any secure network.
However, there are several limits to the classical model, particularly regarding non-repudiation,
utility, authentication and possession, that Parker attempted to resolve through his model.
Reference List
Azadi, M., Zare, H. and Zare, M.J., 2018. Confidentiality, Integrity and Availability in
Electronic Health Records: An Integrative Review. In Information Technology-New
Generations (pp. 745-748). Springer, Cham.
Chang, V., Ramachandran, M., Yao, Y., Kuo, Y.H. and Li, C.S., 2016. A resiliency
framework for an enterprise cloud. International Journal of Information Management, 36(1),
pp.155-166.
Chenette, N., Lewi, K., Weis, S.A. and Wu, D.J., 2016, March. Practical order-revealing
encryption with limited leakage. In International Conference on Fast Software Encryption
(pp. 474-493). Springer, Berlin, Heidelberg.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Curran, K., McNamee, E., McCaroll, N., Chaurasiaa, P. and McBrearty, S., 2019, March. The
Security Considerations in Cloud Adoption for Legal Firms. In International Conference on
Science, Engineering & Technology.
Dayanandam, G., Rao, T.V., Babu, D.B. and Durga, S.N., 2019. DDoS Attacks—Analysis
and Prevention. In Innovations in Computer Science and Engineering (pp. 1-10). Springer,
Singapore.
Duncan, R.A.K. and Whittington, M., 2016. Enhancing cloud security and privacy: the cloud
audit problem. Cloud Computing 2016.
Gallo, R. and Dahab, R., 2015, May. Assurance Cases as a Didactic Tool for Information
Security. In IFIP World Conference on Information Security Education (pp. 15-26). Springer,
Cham.
Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M. and Wernsing, J., 2016,
June. Cryptonets: Applying neural networks to encrypted data with high throughput and
accuracy. In International Conference on Machine Learning (pp. 201-210).
Guo, L., Ni, J., Su, W., Tang, C. and Shi, Y.Q., 2015. Using statistical image model for JPEG
steganography: uniform embedding revisited. IEEE Transactions on Information Forensics
and Security, 10(12), pp.2669-2680.
He, D., Zeadally, S., Kumar, N. and Lee, J.H., 2016. Anonymous authentication for wireless
body area networks with provable security. IEEE Systems Journal, 11(4), pp.2590-2601.
Reference List
Azadi, M., Zare, H. and Zare, M.J., 2018. Confidentiality, Integrity and Availability in
Electronic Health Records: An Integrative Review. In Information Technology-New
Generations (pp. 745-748). Springer, Cham.
Chang, V., Ramachandran, M., Yao, Y., Kuo, Y.H. and Li, C.S., 2016. A resiliency
framework for an enterprise cloud. International Journal of Information Management, 36(1),
pp.155-166.
Chenette, N., Lewi, K., Weis, S.A. and Wu, D.J., 2016, March. Practical order-revealing
encryption with limited leakage. In International Conference on Fast Software Encryption
(pp. 474-493). Springer, Berlin, Heidelberg.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Curran, K., McNamee, E., McCaroll, N., Chaurasiaa, P. and McBrearty, S., 2019, March. The
Security Considerations in Cloud Adoption for Legal Firms. In International Conference on
Science, Engineering & Technology.
Dayanandam, G., Rao, T.V., Babu, D.B. and Durga, S.N., 2019. DDoS Attacks—Analysis
and Prevention. In Innovations in Computer Science and Engineering (pp. 1-10). Springer,
Singapore.
Duncan, R.A.K. and Whittington, M., 2016. Enhancing cloud security and privacy: the cloud
audit problem. Cloud Computing 2016.
Gallo, R. and Dahab, R., 2015, May. Assurance Cases as a Didactic Tool for Information
Security. In IFIP World Conference on Information Security Education (pp. 15-26). Springer,
Cham.
Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M. and Wernsing, J., 2016,
June. Cryptonets: Applying neural networks to encrypted data with high throughput and
accuracy. In International Conference on Machine Learning (pp. 201-210).
Guo, L., Ni, J., Su, W., Tang, C. and Shi, Y.Q., 2015. Using statistical image model for JPEG
steganography: uniform embedding revisited. IEEE Transactions on Information Forensics
and Security, 10(12), pp.2669-2680.
He, D., Zeadally, S., Kumar, N. and Lee, J.H., 2016. Anonymous authentication for wireless
body area networks with provable security. IEEE Systems Journal, 11(4), pp.2590-2601.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide

Cyber Security in Practice 10
Imrie, P. and Bednar, P.M., 2018. Security Benefits of Little Data from the Socio-Technical
Perspective. International Journal of Systems and Society (IJSS), 5(1), pp.45-53.
Kubbo, M., Jayabalan, M. and Rana, M.E., 2016, September. Privacy and security challenges
in cloud based electronic health record: towards access control model. In The Third
International Conference on Digital Security and Forensics (DigitalSec 2016) (p. 113).
Li, J., Chen, X., Chow, S.S., Huang, Q., Wong, D.S. and Liu, Z., 2018. Multi-authority fine-
grained access control with accountability and its application in cloud. Journal of Network
and Computer Applications, 112, pp.89-96.
Mohsin, A.H., Zaidan, A.A., Zaidan, B.B., Albahri, O.S., Albahri, A.S., Alsalem, M.A. and
Mohammed, K.I., 2019. Based medical systems for patient’s authentication: Towards a new
verification secure framework using CIA standard. Journal of medical systems, 43(7), p.192.
Reimsbach, D., Hahn, R. and Gürtürk, A., 2018. Integrated reporting and assurance of
sustainability information: An experimental study on professional investors’ information
processing. European Accounting Review, 27(3), pp.559-581.
Rodrigues, M.A.B. and Morais, A.I., 2019, June. A geographical comparison of Assurance on
Integrated Reporting. In 2019 14th Iberian Conference on Information Systems and
Technologies (CISTI) (pp. 1-6). IEEE.
Singh, D.K. and Kaushik, P., 2016. Network Intrusion Detection Techniques and Open
Source Tools. International Journal of Engineering and Management Research (IJEMR),
6(1), pp.303-306.
Singh, V. and Pandey, S.K., 2019. Cloud Security Ontology (CSO). In Cloud Computing for
Geospatial Big Data Analytics (pp. 81-109). Springer, Cham.
Zhang, Z. and Gupta, B.B., 2018. Social media security and trustworthiness: overview and
new direction. Future Generation Computer Systems, 86, pp.914-925.
Imrie, P. and Bednar, P.M., 2018. Security Benefits of Little Data from the Socio-Technical
Perspective. International Journal of Systems and Society (IJSS), 5(1), pp.45-53.
Kubbo, M., Jayabalan, M. and Rana, M.E., 2016, September. Privacy and security challenges
in cloud based electronic health record: towards access control model. In The Third
International Conference on Digital Security and Forensics (DigitalSec 2016) (p. 113).
Li, J., Chen, X., Chow, S.S., Huang, Q., Wong, D.S. and Liu, Z., 2018. Multi-authority fine-
grained access control with accountability and its application in cloud. Journal of Network
and Computer Applications, 112, pp.89-96.
Mohsin, A.H., Zaidan, A.A., Zaidan, B.B., Albahri, O.S., Albahri, A.S., Alsalem, M.A. and
Mohammed, K.I., 2019. Based medical systems for patient’s authentication: Towards a new
verification secure framework using CIA standard. Journal of medical systems, 43(7), p.192.
Reimsbach, D., Hahn, R. and Gürtürk, A., 2018. Integrated reporting and assurance of
sustainability information: An experimental study on professional investors’ information
processing. European Accounting Review, 27(3), pp.559-581.
Rodrigues, M.A.B. and Morais, A.I., 2019, June. A geographical comparison of Assurance on
Integrated Reporting. In 2019 14th Iberian Conference on Information Systems and
Technologies (CISTI) (pp. 1-6). IEEE.
Singh, D.K. and Kaushik, P., 2016. Network Intrusion Detection Techniques and Open
Source Tools. International Journal of Engineering and Management Research (IJEMR),
6(1), pp.303-306.
Singh, V. and Pandey, S.K., 2019. Cloud Security Ontology (CSO). In Cloud Computing for
Geospatial Big Data Analytics (pp. 81-109). Springer, Cham.
Zhang, Z. and Gupta, B.B., 2018. Social media security and trustworthiness: overview and
new direction. Future Generation Computer Systems, 86, pp.914-925.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.





