Instructions: Word count:650 to 750 words All assignments must be in 12-point, Times New Roman font, have one-inch margins, left alignment, and be double-spaced Pick an ongoing interpersonal problem you….
Safely Sharing Security Data using CIA triad
Please reply to following 2 posts. Please make your posts substantive. A substantive post will do at least two of the following:
- Ask an interesting, thoughtful question pertaining to the topic
- Answer a question (in detail) posted by another student or the instructor
- Provide extensive additional information on the topic
- Explain, define, or analyze the topic in detail
- Share an applicable personal experience
- Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA)
- Make an argument concerning the topic.
At least 1 (scholarly) journal source should be used. Be your references in correct APA 7 format and cite each reference at least once, but as many times as you rely on it. Citations support each sentence relying on a reference, not an entire paragraph. Do not use direct quotes, rather rephrase the author’s words and continue to use in-text citations.
Reply to each post needs to be 250 words minimum.
Safely Sharing Security Data using CIA triad
Today, multimedia security is considered as a prime agenda for secure data transmission over the network or other unsecured network channels. It became a very common sharing of the data over the internet. Industries like e-commerce organizations have difficulty sharing the secured data, and the health care system is the most finding difficult using web apps for sharing patient’s sensitive data secured files safely over an open network environment. It raises the information security issue, which is a challenging communication network task. Many organizations are facing many threats, risks, and security incidents because of a lack of security data control systems usage in their security infrastructure. These security risks or threats contain the potential to damage, modify, and disclose sensitive data. An interesting fact about this is that these vulnerabilities threats could start from the inside facility (Fenrich, 2008).
It is essential to exchange secured information data of the patients’ in a health care system and very important to share specific data to be shared securely in IT flow. It is necessary to employ and trusted safe methods to prevent data loss or damage by unauthorized access or potential cyber-attacks, and any ransomware risks are Cryptography and implementing risk management plans by using CIA triad (Jayanthi, 2019). Cryptography is implemented using a secret key that hides the sensitive information and encrypts the original plain text; only by using the key the original message could be decrypted and readable to the users. The other known named for CIA is Confidentiality, Integrity, and Availability. Usually, the CIA ensures the primary objectives and goals of IT security infrastructure.
- Confidentiality: To avoid unauthorized access so that only authorized users could modify or access the data information. This is vital when limiting access to the user as the value of data advanced (James, Darril, & Mike, 2018).
- Integrity: Data information must be maintained properly and ensure the data cannot be updated maliciously or accidentally. This plays a crucial role in cases like financial information or user details (James, Darril, & Mike, 2018).
- Availability: data can be access from anywhere and as needed by authorized users. This would be essential when it comes to government-related releases are considered (James, Darril, & Mike, 2018).
Organizations must implement security policies, frameworks and establish priorities by keeping the CIA triad in mind to ensure productivity and success. For instance, consider an ATM Bank where clients would access their bank details. This ATM has devices that encompass all CIA principles. It offers confidentiality by enabling two-factor authentication in order to allow accessing the data. Bank and ATM enforcing data integrity by ensuring any activity done through ATM are linked to the user’s bank account. As the ATM available publicly, it offers Availability, even the bank branch is not open (Josh, 2020).
The security management team must incorporate the CIA prioritization based on business needs. This could be initiated with the prioritization of security tenets of confidentiality, integrity, and availability. A design and plan must be developed by defining the most focused CIA triad element to the business for a better security solution. CIA prioritization could help in focusing on the security aspect and does imply on improperly addressed. Additionally, while developing security policy, the other most applied security concept is AAA services – Authentication, Authorization, and Accounting, which helps deploy a security solution (James, Darril, & Mike, 2018).
As computers and other digital devices have become essential to business and commerce, they have also increasingly become a target for attacks. In order for a company or an individual to use a computing device with confidence, they must first be assured that the device is not compromised in any way and that all communications will be secure.
When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents. This is the essence of confidentiality. For example, federal law requires that universities restrict access to private student information. The university must be sure that only those who are authorized have access to view the grade records.
Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized makes a change to intentionally misrepresent something. An example of this would be when a hacker is hired to go into the university’s system and change a grade.
Information availability is the third part of the CIA triad. Availability means that information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things. For example, a stock trader needs information to be available immediately, while a salesperson may be happy to get sales numbers for the day in a report the next morning. Companies such as Amazon.com will require their servers to be available twenty-four hours a day, seven days a week. Other companies may not suffer if their web servers are down for a few minutes once in a while.
A security policy should also address any governmental or industry regulations that apply to the organization. For example, if the organization is a university, it must be aware of the Family Educational Rights and Privacy Act (FERPA), which restricts who has access to student information. Health care organizations are obligated to follow several regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
When looking to secure information resources, organizations must balance the need for security with users’ need to effectively access and use these resources. If a system’s security measures make it difficult to use, then users will find ways around the security, which may make the system more vulnerable than it would have been without the security measures! Take, for example, password policies. If the organization requires an extremely long password with several special characters, an employee may resort to writing it down and putting it in a drawer since it will be impossible to memorize.