Skip to content

JA1. Confidentiality, Integrity, and Availability

Statement

Describe the concepts of confidentiality, integrity, and availability as it pertains to network security. Which of these concepts do you think should be given the greatest consideration while designing your network? Explain.

Answer

The definitions of CIA according to (Chai, 2021) are as follows:

  • Confidentiality is a set of rules that limits access to information. Similar to privacy, or preventing unauthorized access to information.
  • Integrity is the assurance that the information is trustworthy and accurate, or preventing unauthorized modification of information.
  • Availability is a guarantee of reliable access to the information by authorized people, or information is always available to authorized users.

In the context of network security, the CIA concepts provide guidance that the designer should follow before making decisions; E.g. when making decisions to increase the security of the network, the designer should consider the effect of this action on availability, integrity, and confidentiality of information on the network.

To select which one of the three concepts should be given the greatest consideration while designing a network, it is important to consider other factors as well such as the domain of the network, the number of expected users and their geographical location, nature of the information that will be transmitted over the network, and the level of security that is required (Vishik et al., 2016).

For example, in a network that is used to broadcast nationwide disaster alerts, availability is the most important as you want such a network to be available during harsh conditions such as natural disasters; the other two concepts are still important but availability is the most important.

In a network that is designed to transmit classified information, such as a military or government network, integrity is the most important as you need to ensure that every data packet is legitimate and from a known source; otherwise, enemies may be able to inject false information into the network. Confidentiality is still important in this example, while availability takes third place.

In a network that is used to transmit financial transactions, confidentiality is the most important as only authorized parties should be able to access the financial information; otherwise, people’s money is at risk which can not be tolerated. Integrity is also important in this example, while availability can be tolerated (e.g. system is only available during working hours and not 27/7).

To conclude, the three CIA concepts are of great value to any network designer; the decision to focus on one of them over the others depends on experience and a lot of other factors. By default, for general-purpose networks or fresh network designers, it is recommended to give equal consideration to all three concepts and consider all of them as the most important.

References