One of the most basic concepts in the field of InformationSecurity is the CIA Triad or CIA Triangle. This was mentionedbriefly in Chapter 1 of your text. CIA stands forConfidentiality, Integrity, and Availability. Denial ofService (DoS) attacks challenge the "Availability" of a system ordata. This could be temporary (e.g., a SYN Flood Attack thatrenders a web server unavailable during the attack) or permanent(e.g., the deletion or destruction of the data).

The latter of these has become increasingly common in the caseof "ransomware" which is malware that encrypts all of the data onan infected system and the administrator is notified that if theydon't pay a ransom by a certain date that the key to decrypt thedata will be permanently deleted. (NOTE: This isconspicuously absent from the books discussion on malware but is aMAJOR issue right now.) While the temporary attacks may beless destructive, they are often done against systems that generatea lot of money (such as e-commerce websites) or at times when theyare most needed (e.g. Black Friday). Often these attacks comefrom overseas and, for individual cases, there may be little thepolice can do.

While there are ways to mitigate the effects of such attackssuch as firewalls and filters at the network edge or even inthe service provider network, often the best way to address anyattack on availability is through redundancy - i.e., alternatepaths, backup systems, data backups. Unfortunately, manyorganizations realize this too late.

If your business received a ransom demand under thethreat of a ransomware threat to destroy all of your data or a DDoSattack on a day where your servers were generating $1,000/minute inonline sales, would you pay? What would go into your decisionmaking process? What if you don't have a backupplan?