20 Nov In Module One, you selected an emergent workplace security technology as part of the discussion. Imagine that the executives in your organization have deci
In Module One, you selected an emergent workplace security technology as part of the discussion. Imagine that the executives in your organization have decided that adopting this technology presents a large enough competitive advantage that they have decided to push for the company to adopt it. Using an adversarial mindset, identify the risks related to the confidentiality, integrity, and availability (CIA) triad in adopting this technology.
In response to your peers, using your security analyst perspective to counteract the adversarial mindset, how would you address the risks to the CIA that your peers have identified?
To complete this assignment, review the Discussion Rubric.
RESPONSE ONE
Hello Everyone,
I chose quantum computing as my emerging technology in my first discussion post. There are many risks to our data if threat actors use quantum computing, and the ability to crack what was thought to be safe encryption will be troublesome in the future. There is another risk to the CIA triad; this time, the other side will have issues with use.
With Quantum computing being relatively new, there is much to learn about computing power, pros, and cons. Since we have yet to research the tech thoroughly, there are a lot of unknowns. This could pose a critical threat to security, as we have yet to find or work out much for vulnerabilities. The unknown nature of how insecure the systems could be would be a huge red flag for any company wanting to make the switch.
There is the issue with qubits as well. These are the data blocks the computers use to communicate and complete their processing. Due to the nature of these quantum bits, they are sensitive to noise, vibrations, and temperature. A flux in any one of these could change the qubits. This could cause a loss of data stored in the computer. This would be a hit against the integrity of information and availability. If the data is completely erased due to, say, an earthquake, then your data is lost and now unavailable.
This new technology has the potential to be a considerable breakthrough for computing power, but like with any technology. There will be some bugs to work out and some issues that need to be addressed before it is safe to put into a production environment.
RESPONSE TWO
Hey Everyone,
If I can remember correctly I chose cloud computing and software as a service (SaaS) for my emerging technologies in module one. For me, this technology and emerging trend, offers many security issues and vulnerabilities to be discussed.
As for Confidentiality, the use of cloud computing requires all data to be transported over a network. Even if this data is encrypted there must be a sharing of keys. If an organization is using symmetric encryption then the key sharing is at risk of being captured and even if the organization is using asymmetric encryption, there are many ways, if given enough resources, to analyze and crack the encryption. The fact that cloud computing and software as a service requires the use of a network and the constant flow of data between the corresponding servers creates a huge confidentiality issue.
As for Integrity, most data in use during a cloud computing scenario is being stored and then delivered to clients from a storage sever maintained by the cloud provider. This means that data can be intercepted and changed while in transit or changed while at rest on the servers. I have always wondered if organizations that offer these cloud services actually have the means to check validation and correctness on all the data they store. The vast amount of data and servers in play here would seem to make it extremely easy for changes of data to go unnoticed.
As for accessibility, when it comes to relying on a third party being available and the network used to connect being maintained, you begin to have a major issue. If any disruption of services at the cloud provider, whether digital through a cyber incident that is planned or due to negligence, or physical due to a natural disaster at the sever locations, you have zero accessibility and a major disruption of any client organizations critical business functions.