-1

I am looking for a device to explain the compromises that we make for extra layers of security.

For example, wrt extra layers: communication like JWT encryption/signing and other sorts of encapsulation over TLS.

Could I use something like the CIA triad to argue that now with this added complexity we have affected the Availability (perhaps reliability) of the service?

If we relied on just TLS for "secure communication", then we increase availability?

hendry
  • Have you affected the Availability, or has the added complexity merely introduced new risks? Please make sure that you have reviewed what the CIA triad is and what it is meant to be used for. – schroeder Apr 27 '22 at 09:09

1 Answer

0

Availability would have been affected only if the increased complexity actually leads to the application being (temporarily) not available. So I would not say increased complexity has in this case affected availability; however, the chance that availability is affected might have increased.

> If we relied on just TLS for "secure communication", then we increase availability?

This is also a matter of perspective. Clients that do not support TLS will now not have access anymore. Clients that require the use of TLS, on the other hand, will get access.

Wouter