The Holy Trinity of Data Security: What you need to know about the CIA Triad
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

The CIA Triad, which stands for Confidentiality, Integrity, and Availability, is the most popular reference model for Information Security and Information Assurance. Sometimes affectionately referred to as the Holy Trinity of Data Security, the CIA Triad is also called the AIC triad (Availability, Integrity, Confidentiality) by some InfoSec experts to avoid confusion with the Central Intelligence Agency.

In this model, confidentiality stands for a set of directives that prevents the exposure of data to unauthorized parties by governing and limiting access to it. Integrity describes the rules that preserve the trustworthiness and healthiness of data and prevent unauthorized users from tampering with it. And availability promotes a state where authorized people are guaranteed to have reliable access to the information.

Confidentiality

In the general context, confidentiality is all about preventing the disclosure of data to unauthorized parties. But in rigorous terms, it also tries to keep the identity of authorized parties involved in sharing and holding data private and anonymous. Keeping the involved parties’ identity confidential strengthens the overall CIA triad.

Since malicious actors can’t reliably recon and identify the target, they have to randomly target participants of the network. This in effect increases the costs to compromise the system and adds to its overall security. Standard measures taken to establish confidentiality include but are not limited to encryption, passwords, two-factor authentication, biometric verification, security tokens, and more. Some of the challenges that could compromise confidentiality are:

Encryption cracking;

Man-in-the-middle attacks on plaintext data;

Insider leaks where the data is not end-to-end encrypted;

Doxxing private information of data holders.

Yobicash manages and ensures confidentiality by using an end-to-end encrypted system based on the Elliptic Curve Integrated Encryption Scheme (ECIES).

This system of encryption is only vulnerable to quantum attacks, which are still ten to twenty years away from now. Yobicash credentials are anonymous and untraceable, so the involved parties know just what is needed for a one-time data transfer. Public key reuse is also forbidden and enforced using anonymous credentials. Furthermore, the use of public key cryptography eliminates the need to rely on insecure channels of communication to build shared keys.

Integrity preserves the authenticity of data over its whole life cycle by making sure unauthorized parties are not able to tamper with it. It also ensures that data is not corrupted due to unintentional software or hardware malfunction. Standard measures to guarantee integrity include access controls, cryptographic checksums, uninterrupted power supplies, and backups.

Some of the challenges that could endanger integrity are:

Tampering with plaintext data on the fly in a man-in-the-middle attack;

Compromising a cloud server where end-to-end encryption is not used;

Dropping or rerouting packets on the fly in a man-in-the-middle attack.

Yobicash uses checksums to verify whether transactions have been illegitimately modified after their creation. Authenticated encryption of data enables the same for ciphertexts. Furthermore, nodes and clients can always retrieve intact versions of the altered transactions from other nodes and clients, which eventually happens anyway in the execution of the consensus algorithm. For an attacker to undermine the integrity of Yobicash data, they have to disrupt the consensus mechanism by altering or dropping packets of two-thirds of the network. As the network grows and matures, this would amount to a man-in-the-middle attack of infeasible proportions.
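The difference between a plain checksum, a keyed authentication tag, and a checksum confirmed by other nodes can be seen in a short added example; it is not Yobicash code and not part of the original essay. The transaction fields, the key, the function names and the "more than two-thirds of reporting nodes" rule are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from collections import Counter
from typing import Optional


def canonical(tx: dict) -> bytes:
    """Deterministic byte encoding so equal transactions hash equally."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def checksum(tx: dict) -> str:
    """Unkeyed SHA-256 checksum: anyone can recompute it."""
    return hashlib.sha256(canonical(tx)).hexdigest()


def mac(key: bytes, tx: dict) -> str:
    """Keyed HMAC-SHA256 tag: only key holders can produce it."""
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def quorum_checksum(reported: list) -> Optional[str]:
    """Return the checksum reported by more than two-thirds of nodes, else None."""
    value, count = Counter(reported).most_common(1)[0]
    return value if 3 * count > 2 * len(reported) else None


def demo() -> dict:
    key = b"constructed-demo-key"                      # constructed sample key
    tx = {"id": 7, "to": "alice", "amount": 10}        # constructed sample transaction
    tampered = dict(tx, amount=1000)                   # modified in transit
    good_sum, good_mac = checksum(tx), mac(key, tx)
    forged_sum = checksum(tampered)                    # recomputed by whoever altered tx
    # Five nodes report the checksum they hold; one of them serves the altered copy.
    trusted = quorum_checksum([good_sum] * 4 + [forged_sum])
    return {
        # Data altered, original tag kept: both mechanisms notice.
        "checksum_catches_data_only": checksum(tampered) != good_sum,
        "mac_catches_data_only": not hmac.compare_digest(mac(key, tampered), good_mac),
        # Data and checksum altered together: the unkeyed check passes.
        "forged_checksum_accepted": checksum(tampered) == forged_sum,
        # Without the key, the recomputed checksum is not a valid MAC.
        "forged_mac_accepted": hmac.compare_digest(mac(key, tampered), forged_sum),
        # A checksum confirmed by a node quorum exposes the altered copy.
        "quorum_catches_forgery": trusted == good_sum and forged_sum != trusted,
    }
```

A checksum delivered alongside the data only guards against accidental corruption; it becomes a tamper check when the reference value is keyed or comes from independent sources, which is the role the essay assigns to authenticated encryption and to the other nodes.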

Availability of information promotes the state where authorized parties are able to access the information whenever needed. Information unavailability can occur due to malicious activity such as DDoS attacks, hardware or software malfunctions, or insufficient bandwidth or other hardware or software resources. Some standard measures to guarantee availability include failover, redundancy, RAID and high availability clusters, adequate communication bandwidths, firewalls and proxy servers, and comprehensive disaster recovery plans.

Some of the challenges that could endanger availability are:

DDoS (Distributed Denial of Service) attacks on servers, preventing authorized parties from accessing the service;

Ransomware attacks encrypting data on servers, preventing authorized parties from viewing the data;

Disrupting the server room’s power supply.

Yobicash’s decentralized and anonymous network of nodes with full replication creates a high barrier for conventional availability attacks like DDoS, ransomware and power outages. As shown in the whitepaper, the upfront resources necessary for such a successful attack are economically unfeasible.

With the internet becoming ubiquitous in our everyday lives, data security plays an increasingly vital role. Since every open network is subject to externalities, the security of services is interdependent. Unfortunately, market dynamics disincentivize network participants from investing in their security, as the marginal benefits of investing in a participant’s network resource are way lower than its marginal costs. Consumers generally tend to buy services at the lower end of the price range without realizing that in the long run, they will pay more due to security breaches.

Yobicash aims to put an end to this dilemma by changing the landscape of the information storage and sharing economy. By design, Yobicash’s intentionally simple architecture reduces its attack surface. Furthermore, Yobicash’s fee and mining system incentivizes network participants to invest in their security upfront, while increasing the costs of failing to do so.

While the whole CIA triad must be rigorously implemented to provide for a network’s information security and information assurance needs, when the time comes to implement the model, real-world limitations force every service to give more weight to one or another of the three pillars. To secure proprietary assets like software, confidentiality is key, while integrity has more importance when securing banking data. On the other hand, publicly accessible data like websites need to provide for availability above all else. Yobicash’s data storage and sharing model relieves nodes and clients of the dilemma of giving more importance to one or another of the three pillars. By design, Yobicash puts most of the burden of information security on itself while incentivizing nodes and clients to harden up their individual security.

GradesFixer. (2018). The Holy Trinity of Data Security: What you need to know about the CIA Triad. Retrieved from https://gradesfixer.com/free-essay-examples/the-holy-trinity-of-data-security-what-you-need-to-know-about-the-cia-triad/