alt Hacker News> For the record, the 'A' in CIA refers to resilience against some party's purposeful attempt to make something unavailable.
That’s pretty clearly not correct.
> For the record, the 'A' in CIA refers to resilience against some party's purposeful attempt to make something unavailable.
That’s pretty clearly not correct.
Care to explain what you think is correct, if that is incorrect?
CIA is about security. It's not about some kind of operational best practices.
Supporting example: creating a system where someone failing to enter their password correctly one time locks them out for a day is problematic, because that system can be made unavailable by an attacker. This is not an Available system, and thus not as secure as one that has a more flexible lockout policy.
Supporting example: creating a system where an application is only available from one IP address is problematic, because an attacker can take out one ISP and knock that IP address off the Internet. Making the system more Available by allowing users to access it from other IPs improves the overall security posture.