Foundation Concepts

Write a response adding to the arguments below, or disagree with them and back your point up. Statement 1: 150 words. Statement 2: 150 words.

Statement 1

In Chapter 3 the word "Trust" is defined as related to information security. Based on your understanding of securing your environment, what are some of the common safeguards you recommend to ensure trust is viable in your organization?

Trust is one of the most important concepts that any technological company can have with their customers. This trust is what keeps that customer paying for the services provided and stops them from leaving and finding someone else that can do the same job but "more securely." The best way to maintain trust is to maintain security through the CIA triad. By maintaining these three categories (confidentiality, integrity, accessibility), trust can be maintained from an information security point of view.

Confidentiality will keep all data that your customer has going through your network or being passed through your services only seen and readable by those who the information is pertinent to. In the military or government, this is usually divided by security levels (Jacobs, 2016). A good service that will protect confidentiality is the connection confidentiality service. This service provides confidentiality to a connection of two subjects and therefore transposes that protection onto any data that traverses the connection.

Integrity plays a role in three major areas: the integrity of information, data, and origin (Jacobs, 2016). The information integrity defines whether or not the information is true. The data integrity defines whether or not the data was modified. The origin integrity defines where the information came from (and if it has been changed or not). In terms of integrity, the most important to most customers would be the integrity of the data. If the data has been modified, the data has no value to the customer any more. Ensuring the data cannot be tampered with through connection integrity is invaluable. To make things even more secure, and for the customer to have more trust in the process, integrity with recovery is a better choice. In the event modification of data does occur, the service itself has the ability to effect retransmission of the modified object (Jacobs, 2016). Another good service that can provide trust is the use of non-repudiation services. This will prevent anyone from sending some form of data and then later refuting that they actually sent it.

Availability is one of the more underlying but critical aspects of information security. If a customer is expecting to be able to use your services at any time of day, then the system that provides their services must be backed up and have failover options in the event of a crash or reboot. If a customer attempts to utilize your services and the system is down, the customer may lose trust in your ability to provide what they are paying for. Depending on the need and scope of services being provided, a hot, warm, or cold site could be implemented. Backups should always be implemented on any system, and in high-stakes services, or if the SLA defines 24/7 availability, a redundant system on standby should be set in place.

Statement 2

The importance of preserving confidentiality, integrity, and availability, known as the CIA triad, is what we live by. The CIA triad is a vital part in any organization trying to maintain an effective network. There is extensive discussion about ways the CIA can be improved by extending and improving security information. What we knew yesterday can change quickly and be a different problem the next day. Technology is an ever-evolving area that brings new challenges to everything associated with it. These new challenges are especially true in confidentiality, privacy, anonymity, plausible deniability, and many others. Where many organizations fall victim is their lack of understanding of security information. There was even more distrust in the process of security information with the betrayal of Snowden. This was also seen as a wakeup call which made many people stop viewing information security naively.

With all the projects that go on in the technology realm, there is little or no security implemented when starting a new project. This leaves gaps and a potential to be compromised by an inside or outside source. A possible solution to mitigating and managing the risks is to look at it from different points of view. The solution suggested is the trust information security architecture (TISA). The TISA is like a puzzle that must be connected and understood so as to see the information completely. All the layers play a part, and once they are all put together they form a strong security bond. Developing information security at both the administrative and organizational levels will help in reducing risk. Also, assuming all network traffic is untrustworthy, including internal and external, can resolve the simplest problems such as phishing and spam. This is a part of a model called the zero-trust model, which is simply saying stop trusting packets as if they were human beings.

Sample Solution