Page 70 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
and network traffic, using firewalls and routers to prevent DoS attacks,
implementing redundancy for critical systems, and maintaining and
testing backup systems. Most security policies, as well as business
continuity planning (BCP), focus on the use of fault tolerance features
at the various levels of access/storage/security (that is, disk, server, or
site) with the goal of eliminating single points of failure to maintain
availability of critical systems.

Availability depends on both integrity and confidentiality. Without
integrity and confidentiality, availability cannot be maintained. Other
concepts, conditions, and aspects of availability include the following:

Usability: The state of being easy to use or learn or being able to be
understood and controlled by a subject

Accessibility: The assurance that the widest range of subjects can
interact with a resource regardless of their capabilities or
limitations

Timeliness: Being prompt, on time, within a reasonable time
frame, or providing low-latency response

CIA Priority

Every organization has unique security requirements. On the
CISSP exam, most security concepts are discussed in general
terms, but in the real world, general concepts and best practices
don’t get the job done. The management team and security team
must work together to prioritize an organization’s security needs.
This includes establishing a budget and spending plan, allocating
expertise and hours, and focusing the information technology (IT)
and security staff efforts. One key aspect of this effort is to
prioritize the security requirements of the organization. Knowing
which tenet or asset is more important than another guides the
creation of a security stance and ultimately the deployment of a
security solution. Often, getting started in establishing priorities is

