Question
"Select one of the three characteristics of information security (CIA) and explain its importance as related to the development of policy, education, OR technology."
(CNAA Model)
Can someone help get me started in regards to breaking down the two information choices I have chosen and what direction I should go with this? Possibly an outline... This assignment is to be 1 page in length; the options I have chosen are Confidentiality and Policy. This class is an Information Security class. Thanks!!!
Explanation / Answer
CIA is the combination of confidentiality, integrity, and availability. We explain one characteristic here.
Availability
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down.
Importance as related to the development of policy, education, OR technology.
CIA protects the privacy of student education records. The law applies to all schools that receive funds. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record.
It is using payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
The rapid growth and widespread use of electronic data processing and electronic business conducted through the Internet, along with numerous occurrences of international terrorism, fueled the need for better methods of protecting the computers and the information they store, process and transmit. The academic disciplines of computer security and information assurance emerged along with numerous professional organizations – all sharing the common goals of ensuring the security and reliability of information systems.
If you have chosen Confidentiality and Policy
Confidentiality
When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties.
Information has value, especially in today’s world. Bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has information they wish to keep a secret. Protecting such information is a very major part of information security.
A very key component of protecting information confidentiality would be encryption. Encryption ensures that only the right people can read the information. Encryption is very widespread in today’s environment and can be found in almost every major protocol in use. A very prominent example will be SSL/TLS, a security protocol for communications over the internet that has been used in conjunction with a large number of internet protocols to ensure security.
Other ways to ensure information confidentiality include enforcing file permissions and access control lists to restrict access to sensitive information.
An important aspect of information security and risk management is recognizing the value of information and defining appropriate procedures and protection requirements for the information. Not all information is equal and so not all information requires the same degree of protection. This requires information to be assigned a security classification.
The first step in information classification is to identify a member of senior management as the owner of the particular information to be classified. Next, develop a classification policy. The policy should describe the different classification labels, define the criteria for information to be assigned a particular label, and list the required security controls for each classification.
Some factors that influence which classification information should be assigned include how much value that information has to the organization, how old the information is and whether or not the information has become obsolete. Laws and other regulatory requirements are also important considerations when classifying information.
The Business Model for Information Security enables security professionals to examine security from a systems perspective, creating an environment where security can be managed holistically, allowing actual risks to be addressed.
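The answer above describes a classification policy that lists labels with required controls, and names file permissions as one confidentiality control. The following is an added example, not part of the original answer, that ties the two together: it audits files against a policy that maps each label to the most permissive mode allowed. The labels, modes, and file names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Hypothetical classification policy: label -> most permissive mode allowed.
POLICY = {
    "public": 0o644,        # world-readable is acceptable
    "internal": 0o640,      # owner and group only
    "confidential": 0o600,  # owner only
}

def audit(inventory):
    """inventory maps path -> label. Returns (name, label, mode, excess) findings.

    A finding is raised when a file has permission bits its label does not
    allow, or when its label is not defined in the policy at all.
    """
    findings = []
    for path, label in sorted(inventory.items()):
        name = os.path.basename(path)
        if label not in POLICY:
            findings.append((name, label, None, None))  # unclassified data
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        excess = mode & ~POLICY[label]  # bits set beyond what the label permits
        if excess:
            findings.append((name, label, format(mode, "04o"), format(excess, "04o")))
    return findings

def demo():
    """Build a constructed sample inventory in a temp directory and audit it."""
    samples = [  # (file name, label, mode actually set on disk)
        ("press_release.txt", "public", 0o644),
        ("roadmap.md", "internal", 0o640),
        ("payroll.csv", "confidential", 0o644),  # too open for its label
        ("notes.txt", "secret", 0o600),          # label missing from policy
    ]
    with tempfile.TemporaryDirectory() as d:
        inventory = {}
        for name, label, mode in samples:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
            inventory[path] = label
        return audit(inventory)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The excess column shows exactly which bits to remove; for payroll.csv it is the group and other read bits.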