CIA Triad

Submitted By nvuschrome
Anthony Bellamy
Phase 1 IP
CSS150-1301A-01
Instructor Cordero
CTU Online
1/15/2013

The CIA Triad was found to have vulnerabilities, so the Expanded CIA Triad was created. This Expanded CIA Triad has seven different categories. I will be discussing these seven categories, summarizing their security goals, and discussing how the goals can be accomplished with the use of software or hardware.
Availability permits authorized users, whether persons or computer systems, to access data or systems at all times or whenever needed, without intrusion or impediment. Users must be able to access required and permitted data when they need it. The security goal for availability is to make the information and data available to authorized users in the required format. Availability may be accomplished through reliable software systems that can recover data and information easily and automatically.
Accuracy means data that is free of errors and mistakes and is presented with the value the end user expects. The security goal of accuracy is to provide correct information, with no errors, and with the proper value. Accuracy is accomplished by avoiding any such errors or mistakes. This is achievable with software that is thorough and performs testing and verification of information.
Authentication is the state of being authentic: the quality of information or data being genuine rather than a reproduction or manufactured fake. The goal of authentication is to verify to the users that the particular information or data is being presented in the same form in which it was created, entered, saved, or transferred. Authentication can be accomplished by using data and information verification software that scans accessed data or information as it is presented to the user.
Confidentiality is ensuring the information or data is accessed by authorized
