The CIA Security Triad isn’t solely about balancing network security.

Confidentiality, Integrity & Availability (CIA)

One might think that CIA is a balance of elements that allow for maximization of user ability and security. This might be true but this balancing act is really an individualized process based on the needs of the system and the user. For instance. in cases where confidential information must be protected such as medical record guarded by HIPAA, availability will likely be sacrificed in order to add layers of protection to the data (Microsoft, 2015). This will likely mean that there will also be a high level of integrity because users will have to be discretely organized by clearance levels (Microsoft, 2015).

Some systems don’t need large amounts of integrity such as user based collaborative networks like cloud drives. In this instance, integrity is not as important as confidentiality or availability. For instance, a Google drive program used for a class might have a high level of availability, moderate confidentiality, and very low integrity (Microsoft, 2015).

There are systems that also rely heavily on integrity such as some of the government systems like Social Security. These systems will not allow for data to be manipulated easily even if you were able to get past the security (Microsoft, 2015). Integrity in some systems such as Social Security are vital because you would not want someone to be able to alter critical personal information of large numbers of people.

What one can see from these examples every system and user base has unique needs. When designing security policies and plans for information systems, the long-term usage of the information must be taken into account. Daily usage is important, but the sensitivity of data and the level of usage must be considered in order to create a practical system.

There are other ways to look at security within organizations. From a business planning standpoint, in order to achieve maximum security on a network one would have to be willing to give up four essential areas of business need including:

1. Usability- as more security features are added to a network the network becomes increasingly more difficult to navigate and enter. Security challenges and other features make the network difficult for users to work on efficiently because of the constant stop and go caused by security policies (Microsoft, 2015).

2. Cost effectiveness- securing networks can become tremendously expensive and the more features that are added the more costly it becomes (Microsoft, 2015).

3. Functionality- as more applications are added to a network this creates a problem in which there is less functionality caused by lack of interoperability (Microsoft, 2015).

4. Esthetics- The look of the network may not appear to be an important function but it’s esthetic function makes it vital. If customers must use the network, they may draw conclusions about the company due to the fact that the site is not appealing. This can create a loss of credibility or brand but also invite hackers if the site looks abandoned or neglected.

The security of the network needs to be strong but not so strong that it creates other problems such as enormous cost or loss of functionality. The tradeoffs for security also become prioritized differently depending on the business needs and the goals of the company. For example, a company that has a network with customer access will have more priority given to esthetics.

References

Microsoft. (2015). Developing Network Security. Retrieved from Microsoft: https://technet.microsoft.com/en-us/library/cc960627.aspx

Photo by Ilya Pavlov on Unsplash