10 Sep -A Triad CIA triad is well detailed as Confidentiality,

-A Triad

CIA triad is well detailed as Confidentiality, integrity and availability which gives out the abbreviation CIA.  It is a model which is well designed for guiding of policies involving information security in an organization (Warkentin & Orgeron, 2020). CIA triad is also defined as AIC triad which stands for Availability, integrity and confidentiality thus to avoid its confusion to CIA (Central Intelligence Agency).  

Confidentiality

It is equal to privacy, they are the measures which are undertaken to ensure that confidentiality is held so that sensitive information cannot get to the wrong hands; this also makes sure that only the authorized group gets the information (Warkentin & Orgeron, 2020).  Special training can be entailed to ensure the safeguarding of the sensitive data.

Integrity

This involves maintenance of consistency, trustworthiness and accuracy of data over the entire cycle.  The change of data must ensure that it does not get altered by the wrong people.

Availability

Availability is very much ensured by the vigorous maintenance of hardware’s, this involves ensuring that the repairs are done in a need and the functioning is well detailed.

The three elements have a vast relationship to ensure that data is well protected and can only be access by the authorized people (Warkentin & Orgeron, 2020). They are very critical for protecting the data and no element is more important than the other, all are equal towards the IT security.

References

Warkentin, M., & Orgeron, C. (2020). Using the security triad to assess blockchain technology in public sector applications. International Journal of Information Management, 102090.

 

Karthik:

Elements of a CIA Triad

CIA triad refers to a model designed for the development of information security policies to ensure the confidentiality, integrity, and availability of data in information security.  It is used in identifying threats, vulnerabilities, and permanent solutions in information security (Lundgren and Moller, 2019).  Confidentiality principle entails the rules and measures undertaken to ensure the privacy of information. It emphasizes the need to keep data private and to prevent sensitive information from unauthorized access by other people.  Privacy of information is maintained by dividing information into various groups organized according to the amount of damage incurred in case confidentiality is breached and authorized persons who need to access it (Zafar, Ko, and Osei-Bryson, 2016).  Measures used to ensure confidentiality include access controls, Unix file permissions, and file encryption.  

The integrity principle entails the quality of data being accurate, reliable, and trustworthy. It aims at protecting data from deletion and alteration by unauthorized persons.   In the CIA triad, data integrity is attained when it remains unchanged during storage, transmission. Private information should be changed, and measures such as user access controls should be used to prevent unauthorized parties’ data from modification.  Organizations should use version controls to prevent data from unwanted deletions and modifications of data by unauthorized persons.

The availability principle assures authorized users with timely and reliable access to data when needed.  Hardware should be maintained and repaired immediately, and also, the operating system should be functioning without any software conflicts.  Availability ensures proper functioning of authentication mechanisms, access channels, and systems to ensure the availability of information (Lundgren and Moller, 2019).  Organizations should have a backup system to prevent data loss during interruptions of software failure.  Measures to ensure data availability include firewalls and routers.  The CIA triad creates a holistic information security model to protect the privacy, reliability, and trustworthiness of the information.

References

Lundgren, B., & Möller, N. (2019). Defining information security. Science and engineering ethics, 25(2), 419-441.

Zafar, H., Ko, M. S., & Osei-Bryson, K. M. (2016). The value of the CIO in the top management team on performance in the case of information security breaches. Information Systems Frontiers, 18(6), 1205-1215.

 

Pavan Manikanta:

CIA Triad

CIA triad is a model that is used in information security policy making within an organization. Basically, the CIA triad comprises of the three most critical information security components. CIA triad also helps in identifying problem areas together with the necessary solutions in the area of information security (Cherdantseva & Hilton, 2013). CIA triad can be broken down into the following components:

Confidentiality

Confidentiality is basically privacy. This comprises of the measures that an organization undertakes to ensure confidentiality. Undertaking the measures helps an organization in preventing sensitive information from being accessed by the wrong people while ensuring that only authorized people can access the information (Cherdantseva & Hilton, 2013).

Integrity

Data integrity is an important component of information security and CIA triad. Integrity in the CIA triad is meant for protecting data from being deleted or modified intentionally or accidentally. Additionally, integrity helps in ensuring that when a change that should not have been made on data is made, the damage to the data can be easily reversed (Cherdantseva & Hilton, 2013).

Availability

Data availability is also a critical component of the CIA triad and information security. Availability means the actual data availability. Organizations should ensure authentication mechanisms, access channels, and systems are working effectively to protect the information and ensure that the information is available when authorized users need it (Cherdantseva & Hilton, 2013).

It is important to seek a better understanding of the CIA triad and ways in which organizations can use it in planning and implementing a quality security policy while understanding the principles behind it. The CIA triad also has some limitations which should also be understood. Generally, when well understood, the CIA triad can be used for what it offers and avoid the consequences that may come as a result of breach of information security (Cherdantseva & Hilton, 2013).

References

Cherdantseva, Y., & Hilton, J. (2013). A reference model of information assurance & security. In 2013 International Conference on Availability, Reliability and Security (pp. 546-555). IEEE.

 

Bhavesh:

C-I-A Triad

CIA triad is a model that has been widely used in the IT security sector to enhance the three important components of IT security. CIA triad stands from three important components which include Confidentiality, Integrity, and Availability. These three components work together to make a whole security requirement. Confidentiality is an important element of security that ensures information of an individual, a group, or a company is protected from unauthorized access (Death, 2017). Sensitive information such as personal details, medical details, and financial information requires protection so that it is not accessed by unauthorized persons. The protection of sensitive information can be achieved by putting in place measures that facilitate its protection. This includes the use of access controls, Unix file permissions, and encryption of important files or documents.

            Integrity is the second important CIA triad component that refers to the protection of information against modification or deletion. Sensitive information IS at risk of being modified or deleted by unauthorized persons which can affect an individual, a group, or a company at large. Integrity also ensures changed data can be reversed to its original state. Data that is stored or in transit should be protected against alteration or modification by putting in place measures such as the use of access controls and backups (Andress, 2011). Access controls prevent the data from being accessed by unauthorized persons while backups ensure lost or altered data is recovered.

            Availability is the third important component of CIA triad which ensures your data is available in case you need to access or in need of them. Information availability should always be considered available through ensuring access channels and important systems are in place. Additionally, hardware and software are high availability systems that ensure information availability.

References

Andress, J. (2011). The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Amsterdam: Elsevier.

Death, D. (2017). Information Security Handbook: Develop a threat model and incident response strategy to build a strong information security framework. Birmingham: Packt Publishing Ltd.

 

Harish:

SOFTWARE AS A SERVICE (SAAS)

It is a part of the cloud applications and is also known as the cloud application service commonly used by the users in the market. Software as a service uses the web to provide its uses, which are handled by a third party to the users of the application (Brian, 2019). The SaaS applications use the internet directly and do not demand installing any particular software or applications from the part of the user. Since the model mainly uses the internet, the models help the company in altogether avoiding It professionals. With the help of SaaS, the clients can handle all its data-related problems. This helps the company in spending time on more essential duties in the organization. Examples of SaaS include Dropbox, Google Drive, and WebEx from Cisco.

 

PLATFORM AS A SERVICE (PAAS)

Platform as a Service involves providing cloud system components to particular software when used in an organization’s applications. PaaS helps the creators to make a specific structure that can be applied to similar problems. The structure can be used by the developers to create customized software too (Brian, 2019). PaaS helps companies in designing and making software that is specifically for specific software requirements. These applications are well in demand as they are valuable and can be attributed to many different cloud characteristics.

PaaS faces the central issue of data security. The company’s data security is always at risk as a third party with advanced technology can quickly get into the system. In PaaS, customers cannot function at a higher limit as the management’s workflows are limited for the cloud operations. Examples for PaaS include Windows Azure.

 

INFRASTRUCTURE AS A SERVICE (IAAS)

They comprise of flexible resources. IaaS is designed to understand the evaluate the performance of systems, interconnected networks, and various other services. IaaS can be termed as the most scalable model from the various alternatives provided by cloud computing programs (Brian, 2019). In IaaS, it is easy to allocate the storage resources, the networking complications can be resolved faster, and power and servers can be taken care of. They are highly scalable and provide an additional cost-benefit as the required hardware should only be procured based on the program’s utilization. They also hold the threat of security as there is always a risk from within the system. The cost of consumption also varies depending on the utilization levels. Examples of IaaS include Amazon web services.

 

 

REFERENCES

Franklin, Curtis & Chee, Brian. (2019). Software as a Service. 10.1201/9780367259433-9. https://www.researchgate.net/publication/338469449_Software_as_a_Service/citation/download

Franklin, Curtis & Chee, Brian. (2019). Infrastructure as a Service. 10.1201/9780367259433-7. https://www.researchgate.net/publication/338468008_Infrastructure_as_a_Service/citation/download

 

 

 

 

 

Zakera:

 

IaaS: Cloud computing is an inescapable innovation that prompts requesting business necessities, the cloud administrations of IaaS use are being extended in the data storage  space, which prompts an expansion in the prerequisites of data transmission. To lessen the data storage space, the De-Duplication Compression (DDC) calculation has been proposed to improve the capacity and usage of transfer speed in the Storage Optimzation System (SoS) through the end of copy documents and screen the IaaS stockpiling use. The different kinds of metadata principles help to distinguish the separate record objects and the document information components are connected with comparing square can be bunching into portioned canisters. In light of client access recurrence, the positioning has been resolved to anticipate future utilization dependent on record access designs, the SoS framework has a dashboard that can assist the client with choosing the document activity. This framework result has tried different things with the genuine condition with various boundary reproduction. The proposed SoS structure will diminish cloud IaaS space size up to 13.80% than the current distributed storage framework. Example :Rackspace, Digital Ocean, Google Compute Engine, and some deployments of Microsoft Azure and Amazon Web Services (AWS) Use Case: IaaS is the most adaptable assistance model for distributed computing, so it is particularly successful for new companies and associations searching for agile scaling. It is additionally favored by organizations that look for more prominent command over their assets. Paas: Security of Platform as a Service for multi-occupant turns into a key factor for the practical advancement of the framework. This paper examines the impediments and weaknesses of conventional character confirmation. Character verification is acknowledged through the ticket validation technique. Thinking about the dynamic and idealness of assets in distributed computing, this paper proposes a unique access control strategy dependent on Role-Based Access Control and use control model from the point of view of business discussion, to understand the dynamic access control of inhabitants to assets in Platform as a Service. The paper explains on the security and convenience of the key age, circulation, update, and metadata access control measures. Practice shows that the cloud asset access control model can deftly understand the control of cloud assets, for example, authority division, asset trait limitation and use control, in order to more readily fulfill the need of cloud asset access control with multi-occupant sharing and dynamic qualities in cloud condition. Example:Salesforce, AWS Elastic Beanstalk, Heroku, Google App Engine (GAE), and OpenShift Use Case:PaaS is profoundly accessible and exceptionally versatile, and it enables associations to assemble and make new administrations and arrangements without the requirement for profoundly talented engineers concentrated on programming support. PaaS is favored by IT in mixture cloud conditions. Saas: SaaS is a model of programming arrangement where an application is facilitated as an assistance gave to clients over the Internet. SaaS is commonly used to allude to business programming as opposed to customer programming, which falls under Web 2.0. By eliminating the need to introduce and run an application on a client’s own PC it is viewed as a path for organizations to get similar advantages as business programming with littler cost expense. SaaS can mitigate the weight of programming upkeep and backing however clients give up command over programming renditions and necessities. Different terms that are utilized in this circle incorporate Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). An open cloud offers administrations to anybody on the Internet. A private cloud is an exclusive system or a server farm that provisions facilitated administrations to a set number of individuals. All the significant organizations have thought of their own code based or non-code based distributed computing systems. 

Example: Probably the most noticeable code-based edge works are:

 • Java Google web Toolkit (Google App Engine).  • Python Djangno (Google App Engine)  • Ruby on Rails  References: Augustus Devarajan, A., & Sudalai Muthu, T. (2020). Enhanced Storage optimization System (SoS) for IaaS Cloud Storage. Fourth International Conference On, 756–760. Retrieved from https://doi.org/10.1109/ICISC47916.2020.9171182  Xu, S., Xin, Y., Zhu, H., Luo, S., & Chen, Y. (2019). A Authentication and Access Authorization Mechanism on the PaaS Platform.IEEE Symposium Series on Computational Intelligence (SSCI), On, 893–900. Retrieved from https://doi.org/10.1109/SSCI44817.2019.9002757 Nageswara Rao N K,E Kusuma  Kumari.(2010).Journal Of Theoretical And Applied Information Technology. Retrieved from http://www.c-sharpcorner/cloud-computing-saas,  Cloud Computing – SaaS By  Bhaskardeep.