-1

I believe it would violate all the three aspects due to following reasons:

  1. Confidentiality: Since the website is obviously a scam, in case any person/user registers it, the data of the user would not be confidential or would be up for sale or misused in some other way.

  2. Integrity: The data in the scam website would be definitely false or would have falsified data to mislead new users.

  3. Availability: the person who manages the scam website could shut the website whenever they would like. Hence the scam website violates the availability aspect.

However, I also feel it would be violating only integrity as it is posting falsified data on the website to attract new users or to mislead them.

I am new to this security field, please let me know if my assumption is wrong or additional points could be added/said.

LoneWolf
  • 3
  • 2
  • You are taking a theoretical model and shoehorning it into a specific instance that it was not intended for. Your scope is all over the place, and no answer could be helpful. CIA is about data. Please look up what CIA means and what the definitions are. It looks like you have only taken the headings of the CIA triad and tried to apply them. – schroeder Sep 10 '21 at 09:59
  • So, the answer is "no". A site, fraudulent or not, does not violate the CIA triad simply by existing. And all the factors you list for a fraudulent site are exactly the same for a legitimate site. – schroeder Sep 10 '21 at 10:06
  • I’m voting to close this question because it is based on a very faulty premise requiring answers that alter the premise instead of answering what was asked. – schroeder Sep 10 '21 at 10:15
  • @schroeder Thank you for your reply. I will Research in CIA deeper and work on it. – LoneWolf Sep 10 '21 at 10:44

1 Answers1

0

No, that's not what the CIA triad is about. It's about the data, not what will be done with the data later.

If the scam site uses proper TLS, even if the information ends up sold, the information on the connection is private because TLS encrypts it. So Confidentiality holds.

The same with Integrity. Using proper TLS means nobody can change the information being sent and received.

Availability is not about the website being taken down by the operator, but the operations of the site allowing proper operation.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
  • I have a query you mentioned about CIA is about data and not what will be done with the data. So if the data displayed on the site is false (as it is a scam site), wouldn't it violate integrity? – LoneWolf Sep 10 '21 at 10:51
  • No it doesn't. Please look up what Integrity means in the CIA triad. – schroeder Sep 10 '21 at 10:53
  • @LoneWolf integrity is violated only if bank says "I am Bank of America" and client receives "I am Citi Bank". No matter what the data means, but if it wasn't changed in transit. It's way more low level than you are thinking. – ThoriumBR Sep 10 '21 at 10:57
  • @ThoriumBR Thank you for the clarification. – LoneWolf Sep 10 '21 at 11:21
  • @schroeder Sure will look into it and will be definitely researching more on the CIA triad. Thank you for your answer too. – LoneWolf Sep 10 '21 at 11:24