One of the most basic concepts in the field of Information Security is the CIA Triad or CIA Triangle.  This was mentioned briefly in Chapter 1 of your text.  CIA stands for Confidentiality, Integrity, and Availability.  Denial of Service (DoS) attacks challenge the "Availability" of a system or data.  This could be temporary (e.g., a SYN Flood Attack that renders a web server unavailable during the attack) or permanent (e.g., the deletion or destruction of the data).  The latter of these has become increasingly common in the case of "ransomware" which is malware that encrypts all of the data on an infected system and the administrator is notified that if they don't pay a ransom by a certain date that the key to decrypt the data will be permanently deleted.  (NOTE: This is conspicuously absent from the books discussion on malware but is a MAJOR issue right now.)  While the temporary attacks may be less destructive, they are often done against systems that generate a lot of money (such as e-commerce websites) or at times when they are most needed (e.g. Black Friday).  Often these attacks come from overseas and, for individual cases, there may be little the police can do.  While there are ways to mitigate the effects of such attacks such as firewalls and filters at the network edge or even in the service provider network, often the best way to address any attack on availability is through redundancy - i.e., alternate paths, backup systems, data backups.  Unfortunately, many organizations realize this too late. If your business received a ransom demand under the threat of a ransomware threat to destroy all of your data or a DDoS attack on a day where your servers were generating $1,000/minute in online sales, would you pay?  What would go into your decision making process?  What if you don't have a backup plan?

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

One of the most basic concepts in the field of Information Security is the CIA Triad or CIA Triangle.  This was mentioned briefly in Chapter 1 of your text.  CIA stands for Confidentiality, Integrity, and Availability.  Denial of Service (DoS) attacks challenge the "Availability" of a system or data.  This could be temporary (e.g., a SYN Flood Attack that renders a web server unavailable during the attack) or permanent (e.g., the deletion or destruction of the data). 

The latter of these has become increasingly common in the case of "ransomware" which is malware that encrypts all of the data on an infected system and the administrator is notified that if they don't pay a ransom by a certain date that the key to decrypt the data will be permanently deleted.  (NOTE: This is conspicuously absent from the books discussion on malware but is a MAJOR issue right now.)  While the temporary attacks may be less destructive, they are often done against systems that generate a lot of money (such as e-commerce websites) or at times when they are most needed (e.g. Black Friday).  Often these attacks come from overseas and, for individual cases, there may be little the police can do. 

While there are ways to mitigate the effects of such attacks such as firewalls and filters at the network edge or even in the service provider network, often the best way to address any attack on availability is through redundancy - i.e., alternate paths, backup systems, data backups.  Unfortunately, many organizations realize this too late.

If your business received a ransom demand under the threat of a ransomware threat to destroy all of your data or a DDoS attack on a day where your servers were generating $1,000/minute in online sales, would you pay?  What would go into your decision making process?  What if you don't have a backup plan?

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 3 steps

Blurred answer
Knowledge Booster
Fundamentals of Testing Strategies
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education