IT Security

Question one: Significance of confidentiality, integrity and availability (CIA) in information security
Confidentiality, integrity and availability are the benchmark in information security. They are the basic principles that guide how information is secured. In the installation of an information system application, a data transfer system or any system that will provide access to data, the principles of confidentiality, integrity and availability must always be maintained.

Confidentiality refers to all attempts to limit access to information by unauthorized persons. Confidentiality also involves limiting disclosure of information to people for whom it is not intended. For the security of the information system to be effective, the right people should be able to access the information while it remains protected from unauthorized access. Methods that are commonly used for authentication include the use of passwords and user identification. The system identifies the users and controls who accesses what information in the system. Confidentiality is the basic principle of information security since it limits access to information that is considered personal (Stamp, 2006).

The principle of integrity refers to whether the information in the system is trustworthy. Integrity of the information entails the integrity of the data, i.e. whether the data has been inappropriately altered, deliberately or by accident, and the integrity of the source of the information. The principle therefore defines the validity and reliability of the information in the system. For the integrity of the system to be maintained, the information should be preserved and free from corruption during transmission or when it is entered into the system (Layton, 2007).
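
The distinction drawn above between integrity of the data and integrity of its source can be shown by comparing an unkeyed digest with a keyed one. This is an added example, not part of the original essay; the key, the record and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example only).
SHARED_KEY = b"constructed-demo-key-not-for-production"
RECORD = b"account=1001;amount=250.00"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption only."""
    return hashlib.sha256(data).hexdigest()


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of the key can produce it,
    so it also vouches for the source of the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, sent_digest: str) -> bool:
    return hmac.compare_digest(digest(data), sent_digest)


def verify_tag(data: bytes, sent_tag: str, key: bytes) -> bool:
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(tag(data, key), sent_tag)


def demo() -> dict:
    results = {}
    # Accidental alteration: one bit flipped in transit, digest unchanged.
    corrupted = bytes([RECORD[0] ^ 0x01]) + RECORD[1:]
    results["digest_catches_corruption"] = not verify_digest(corrupted, digest(RECORD))
    # Deliberate alteration: whoever changes the data can recompute an
    # unkeyed digest, so the receiver's check still passes.
    altered = RECORD.replace(b"250.00", b"950.00")
    results["digest_accepts_altered"] = verify_digest(altered, digest(altered))
    # With HMAC, the original tag no longer matches the altered record,
    # and a new valid tag cannot be produced without the key.
    original_tag = tag(RECORD, SHARED_KEY)
    results["hmac_rejects_altered"] = not verify_tag(altered, original_tag, SHARED_KEY)
    results["hmac_accepts_original"] = verify_tag(RECORD, original_tag, SHARED_KEY)
    return results


if __name__ == "__main__":
    print(demo())
```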

Availability of the information is a basic principle in any information system. If the information in the system is not available, the system is as good as no system at all. The unavailability of the information in the system may be even worse if the organization in question is highly dependent on the information. The majority of organizations today are highly dependent on information systems and literally cannot operate without them (Bishop, 2003).

Question two: Why the CIA principles are not relevant in the firm's security architecture design
Confidentiality, integrity and availability are the traditional principles of information security, but they are not sufficient to provide absolute security of the information. For this reason, they are not very relevant in the architectural design of an organization's information security system. The main weakness of these aspects of information security is their dependence on technical issues, natural occurrences and interruption by human activities. Even if the CIA principles are adhered to, the system is faced with the risk of technical interruption due to improper functioning of the devices. The system's security can also be affected by natural factors such as wind, storm or water. The CIA principles do not secure the information from malicious or accidental human interruptions.

Before deciding whether to use the CIA information security principles, it is important to consider whether the security systems are aimed at prevention or detection. Although the CIA principles may not be very relevant in the design of an information security system, they are essential and cannot be ignored. The effectiveness of these principles is dependent on the technology available and the risk that the information is faced with.

To determine the validity of the principles in providing adequate security of information, the organization needs to undertake risk management. Risk management will enable the organization to identify the threat associated with the information and decide on the mitigation measures. The architectural design of the information security in the organization will be determined by the threat faced by the information. In many organizations, the basic factors of the information security design include administrative controls and physical security. The application of CIA and its reliability is dependent on the technology available and the risk involved (Pfleeger & Pfleeger, 2003).

Question three: Advantages of turn the handle algorithms in information security
Replacing old security systems with new and more secure standards is the current trend, due to the increased threat facing stored information. The old Data Encryption Standard is being replaced with the more secure Triple Data Encryption Standard. The system uses the turn the handle algorithm and has several advantages. A more sophisticated and secure system that uses the same algorithm, called the Advanced Encryption Standard, has been developed to improve the security of information (Furusawa, 2003).

The major advantage of this approach is the ability to significantly reduce susceptibility to attack. The Advanced Encryption Standard is the most significant approach in modern computing systems as a result of the increased risks of sabotage. For this reason, most federal agencies and international corporations have adopted the Advanced Encryption Standard to improve the security of their systems, as recommended by the National Institute of Standards and Technology. The systems are useful to financial institutions in securing sensitive financial information. Over the last decade, these algorithms have provided uninterrupted information security, which has proved their usefulness. Another advantage is the efficient implementation and performance of the security system in either hardware or software. This advantage has led manufacturers to incorporate this form of security system. Despite these advantages, manufacturers should not develop all-in-one software and hardware that can perform a combination of DES, AES and RSA cryptography. Although many users continue to use the aging security system with reasonable confidence, there is no compelling reason to force them to adopt the new system, which may be expensive. The adoption of the new systems will come naturally as more and more devices with the new and improved systems continue to be manufactured (Furusawa, 2000).

Question four: Firefox and Microsoft Internet Explorer browsers and IT security
Internet Explorer dominated the web browser market for over a decade until the entry of Firefox. Over the years, Internet Explorer has been faced with security vulnerabilities. However, Microsoft has embarked on reducing the vulnerability through research in order to adopt more sophisticated security systems. The entry of Firefox has transformed the market by providing an option to internet users. Firefox has introduced more secure systems, which has resulted in intense competition between the two providers (Parsons & Oja, 2009).

However, the lack of diversity due to the dominance of Internet Explorer and Firefox increases the vulnerability because the market is not competitive enough. The entry of a third browser with a substantial command of the market will create more competition, and users will have a wider choice of product. Users will always assess the security of the product, which means that improved security will be the center of competition. The possibility of better security if the dominance of the two browsers is broken is evident from the reaction of Microsoft to the entry of Firefox into the market. Microsoft responded by improving Internet Explorer in order to remain in the market, which was to the benefit of the user.

Question five: Cyber war
There is an increased threat of cyber war among different nations and organizations, which increases the risk to information stored in information systems in different parts of the world. Cyber war refers to a growing trend in which warfare is conducted in cyberspace using computers and the internet. The war is undertaken in the virtual world, with its effects being evident in the physical world. Cyber war generally refers to a situation where one state attacks the cyber space of another state. The attack may also be one corporate organization attacking the cyber space of a rival organization. In some cases, system hackers and terrorist syndicates may maliciously attack a state's or organization's cyber space. In the recent past, cyber crime has become a major issue, and nations are arming themselves with abilities to combat any attack on their cyber space.

The main targets of cyber space attacks are government agencies, infrastructure and financial institutions. This indicates that a cyber space attack may have far-reaching effects on the nation or organization attacked. However, there is no government agency or corporate organization that can claim immunity from cyber attack. This is due to the highly trained and experienced hackers who are capable of attacking any system. The war may have an adverse effect on electronic financial operations and damage essential utility infrastructure such as electrical grids and air traffic control. An attack on government agencies may release important security information and other classified information to unauthorized persons (Brenner, 2009).

A good example is the report released in 2009 which showed that the electric grid was susceptible to cyber attack, which is likely to interrupt electricity distribution in many parts of the country. The threats came from Russia and the Chinese, who were said to have developed software that would breach the security of the system. Although such attacks have never happened in many parts of the world, if combined with military attack, the impact may be far-reaching (Brenner, 2009).
