1.Do you think nonrepudiation falls under one of the tenets of the C-I-A triad (confidentiality, integrity, and availability)? Why or why not?
A security model of any organization involves three main attributes, called the C-I-A triad, which stands for confidentiality, integrity and availability. These three tenets of information security guide the information security policies of an organization. One or more of these principles is violated when any kind of cyber-attack, data leak or data breach happens in an organization. Confidentiality assures that only authorized personnel or parties can access an organization's sensitive information or database, thus keeping unauthorized access at bay. Integrity ensures that data does not get corrupted or tampered with and remains accurate, consistent and authentic over its lifecycle. Similarly, availability ensures that the data is available and ready whenever it is required. This is ensured by keeping all hardware working, minimizing downtime in case of unavoidable events by keeping backups and redundant devices, maintaining the network, etc. Now let's come to nonrepudiation. Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated" (Zhou, 2001). So, I think nonrepudiation falls under the integrity category of the C-I-A triad because non-repudiation confirms that a message was sent by its original sender and that its origin cannot be questioned. This means that the message reaches the receiver untampered and in its authentic form, which is what integrity also ensures.
2. Is the C-I-A triad adequate when selecting controls for a Windows system? Why or why not?
In my opinion the C-I-A triad, although it speaks a lot about information protection, is not adequate when selecting controls for a Windows system. This is because the C-I-A triad is entirely concerned with information only and does not say anything about accountability and responsibility. Another thing is that the C-I-A model does not say anything about the interdependence between its tenets. For example, increasing confidentiality and integrity may result in a compromise of availability (Solomon, 2021). This means a less available system can have more confidentiality and integrity than an easily available system. Although availability ensures that we get easy access to the resource when needed, this does not mean that unauthorized use of hardware is not possible. Also, the C-I-A triad does not say anything about authentication, which involves establishing the identity of a user.
References
Solomon, M. G. (2021). Security Strategies in Windows Platforms and Applications (3rd ed.). Burlington, MA: Jones & Bartlett Learning.
Zhou, J. (2001). Non-repudiation in Electronic Commerce
POST – 2 please provide one reply to this post.
Nonrepudiation falls under one of the C-I-A triad's tenets. Non-repudiation refers to the assurance that an individual cannot deny anything. Nonrepudiation typically is the ability of ensuring that a party to a certain communication or contract cannot deny the originality or authenticity of their personal signature on a given document, or of sharing a message or information that they originated ("The CIA Triad: Confidentiality, Integrity, Availability - Panmore Institute", 2020). Non-repudiation needs the creation of various artifacts that could be used in disputing the claims of an organization which denies being the originator of a certain communication or action. Such artifacts contain a given identity, whose authenticity is the tangible evidence that connects an identified party to a certain action or communication. Digital signatures ensure data integrity by guaranteeing the identity of the sender. Digital signatures enforce the identity of a sender to ensure that the sender cannot deny the act later. Timestamps hold the date and time when the document was developed or composed, generating evidence of the availability of the document at that particular time.
The C-I-A triad is adequate while selecting controls for a given Windows system. The CIA's integrity can be verified by the use of a hashing algorithm. A hash of the message is essentially generated and attached to the end of the communication or message (Spiceworks, 2020). The person receiving the message calculates the message's hash and compares it with the received hash. In case anything changed during the transit process, the hashes will not match. The hashes used in storing data are completely different from cryptographic hashes. Before the release of Windows NT, Microsoft's operating systems were using the LANMAN protocol for authentication purposes. This was replaced by NTLM after Windows NT was released.
References
Spiceworks, I. (2020). The CIA Triad and Its Real-World Application. Retrieved 20 June 2020, from https://community.spiceworks.com/topic/2205579-the-cia-triad-and-its-real-world-application
The CIA Triad: Confidentiality, Integrity, Availability - Panmore Institute. (2020). Retrieved 20 June 2020, from http://panmore.com/the-cia-triad-confidentiality-integrity-availability
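The hash-and-compare step that the second post describes, and the first post's point that non-repudiation is about proving origin rather than only detecting tampering, can both be seen in a few lines of code. The following is an added example and is not part of either post or of the cited sources; it uses only the Python standard library, the message and key are constructed sample values, and the function names are chosen here for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample message; not taken from the posts above.
MESSAGE = b"Transfer 100 USD to account 12345"


def message_digest(message: bytes) -> str:
    """Integrity check as described in the second post: hash the message and
    attach the hex digest to it."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, received_digest: str) -> bool:
    """Receiver recomputes the hash and compares it with the one that arrived.
    compare_digest avoids leaking where the two strings first differ."""
    return hmac.compare_digest(message_digest(message), received_digest)


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed variant (HMAC-SHA256): only a holder of `key` can produce the tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), received_tag)


def demo() -> dict:
    """Runs each check and returns the outcomes so they can be inspected."""
    results = {}

    # 1. Plain hash: detects accidental corruption in transit.
    digest = message_digest(MESSAGE)
    results["intact_hash_ok"] = verify_digest(MESSAGE, digest)
    tampered = MESSAGE.replace(b"12345", b"99999")
    results["tampered_hash_detected"] = not verify_digest(tampered, digest)

    # 2. A bare hash contains no secret, so a changed message with a freshly
    #    computed hash verifies just as well. The hash proves nothing about
    #    who produced the message; that is why a key is needed.
    results["bare_hash_recomputable"] = verify_digest(tampered, message_digest(tampered))

    # 3. HMAC with a shared key: ties the tag to a key holder.
    key = secrets.token_bytes(32)
    tag = hmac_tag(key, MESSAGE)
    results["hmac_ok"] = verify_hmac(key, MESSAGE, tag)
    results["hmac_tampered_detected"] = not verify_hmac(key, tampered, tag)
    results["hmac_wrong_key_rejected"] = not verify_hmac(key, tampered, hmac_tag(b"wrong key", tampered))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The plain hash covers the integrity tenet in the narrow sense the second post uses it (detecting that bytes changed), while the HMAC adds authenticity between the two parties that share the key. Neither gives non-repudiation in the sense the first post quotes from Zhou (2001): because the receiver holds the same key, the receiver could have produced the HMAC tag, so the sender can still dispute authorship. Non-repudiation needs a digital signature made with a private key that only the signer holds, which is why both posts point to signatures rather than hashes for that property; the standard library has no signature primitive, so that step is not shown here.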