An interesting security concept is the DAD Triad, which represents the failures of the CIA Triad. The DAD Triad consists of Disclosure, Alteration, and Destruction, which occur when security protections in the CIA Triad fail.
- Disclosure happens when unauthorized entities access sensitive material, violating confidentiality.
- Alteration occurs when data is changed, either maliciously or accidentally, violating integrity.
- Destruction refers to the damage or inaccessibility of a resource (the inaccessibility case is often referred to as a Denial of Service (DoS) attack), which violates availability.
Recognizing these potential failures helps in identifying security weaknesses and responding effectively.
Risks of Overprotection
While security is essential, overprotection can also lead to problems:
- Overprotecting confidentiality can restrict availability.
- Overprotecting integrity can also restrict availability.
- Overproviding availability can result in a loss of both confidentiality and integrity.
Balancing security measures is crucial to avoid diminishing the overall effectiveness of a security system.
Authenticity
Authenticity ensures that data is genuine and originates from its alleged source. While related to integrity, authenticity focuses on verifying the data’s source. When data is authentic, the recipient can confidently verify that it is from the claimed origin and has not been altered during transit or storage.
Non-repudiation
Non-repudiation ensures that an entity involved in an event or transaction cannot deny that the event occurred. This prevents individuals or systems from denying actions, messages, or events they were responsible for. Non-repudiation is made possible through a combination of identification, authentication, authorization, accountability, and auditing.
Common mechanisms to enforce non-repudiation include digital certificates, session identifiers, transaction logs, and access control mechanisms. Without non-repudiation, accountability cannot be enforced.
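The difference between integrity, authenticity, and non-repudiation described in the two sections above can be shown with Python's standard hashlib and hmac modules. This is an added example, not part of the original notes; the key, the messages, and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key and messages are placeholders for illustration.
SHARED_KEY = b"constructed-demo-key-known-to-sender-and-receiver"
ORIGINAL = b"transfer 100 to account 1234"
TAMPERED = b"transfer 900 to account 9999"


def digest(message: bytes) -> str:
    """Unkeyed SHA-256: anyone can compute it, so it proves nothing about the source."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256: only holders of the key can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(digest(message), claimed)


def verify_tag(key: bytes, message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(tag(key, message), claimed)


def demo() -> dict:
    # Someone without the key alters the message in transit and recomputes
    # whatever protection value they are able to recompute.
    recomputed_digest = digest(TAMPERED)
    guessed_tag = tag(b"not-the-real-key", TAMPERED)
    # The receiver holds the same key as the sender, so it can produce a
    # valid tag for a message the sender never wrote.
    receiver_made_tag = tag(SHARED_KEY, TAMPERED)
    return {
        "accidental_change_caught_by_digest": not verify_digest(TAMPERED, digest(ORIGINAL)),
        "recomputed_digest_accepted": verify_digest(TAMPERED, recomputed_digest),
        "tag_without_key_accepted": verify_tag(SHARED_KEY, TAMPERED, guessed_tag),
        "genuine_tag_accepted": verify_tag(SHARED_KEY, ORIGINAL, tag(SHARED_KEY, ORIGINAL)),
        "receiver_can_forge_sender_tag": verify_tag(SHARED_KEY, TAMPERED, receiver_made_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is why a shared-key tag supports authenticity but not non-repudiation: either key holder could have produced it, which is the gap that digital certificates and signatures close.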
AAA Services
AAA services form the core security mechanism in all secure environments. The acronym AAA stands for Authentication, Authorization, and Accounting (or Auditing). However, the full scope includes five elements:
- Identification
- Authentication
- Authorization
- Auditing
- Accounting