top | item 44647564

(no title)

This is the crux of the issue. The CIA triad (confidentiality, integrity and availability) are the root of all security. However, those goals are often self-contradictory.

There will always, for example, be a conflict between availability and confidentiality. Ultimate confidentiality might require that the data be stored in an inaccessible bunker with no outside access. Ultimate availability might involve hosting sensitive data on a publicly accessible server with no access controls.

In the real world we must always balance these needs carefully, and triage available resources to achieve an "ideal" outcome. This means that security will never, and can never, be a solved problem.

discuss

rapjr9|7 months ago

The CIA triad comes from an agency that spies on people so I wonder if it truly is a comprehensive philosophy of security. It might be an attempt to confuse those they spy on with the intent to encourage security gaps. Philosophies of any kind are notorious for not being comprehensive or provable. Is there any research that tries to verify this philosophy? I worked on computer security for a few decades and I've never seen a justification for the CIA triad. The security community used to say that advanced persistent threats were "out of scope" because "the cost to defend against them was too high", but today they obviously are not out of scope because APT's are everywhere. Possibly the triad is a false legacy assumption as well. It seemed cool because it came from the CIA, but is it true? Even if it is reasonably true, is it complete?

As an example, diplomacy, open source, shared interests, universal basic income, and education can reduce the desire for attacking. How do these factor into the CIA triad?

stevenAthompson|7 months ago

I would argue that all models are inherently incomplete because they are models (IE - they are the map not the territory). Rather than worrying about completeness, it's better to ask if the model is useful, and if anything would change about the requirement for tradeoffs in security if we used a more complete model?

I would answer that the triad IS useful in this scenario and further that if we used an alternative model (The 7-C's maybe?) we would still find inherently contradictory requirements for almost every security scenario. In fact, we would just MORE more of those trade-offs, further proving that security can never be "perfect."

For example, I can think of several fundamentals the triad doesn't cover directly. Privacy and non-repudiation spring to mind as concepts that don't neatly fit into the CIA triad, but they are the antithesis of each other!

Perfect privacy would require that nobody (including data-owners) can identify the user, and perfect non-repudiation would require that no access be granted without 100% proof of the current user. Again, you are forced to choose and this means that some aspect will always be less than perfect.