• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.701 ■ Fall 2024 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project
  • Zoom link

Question 2

October 23, 2024 by David Lanter 28 Comments

Suppose an organization is only able to filter and selectively block either: a) network traffic coming into its intranet from the internet (incoming) or b) network traffic going out to the internet (outbound).  With respect to each of the 3 information system security objectives (i.e. confidentiality, integrity, and availability), if you could only filter and selectively block one network traffic direction which one you would you concentrate on and why?

Filed Under: Unit 10: Network Security Tagged With:

Reader Interactions

Comments

  1. James Nyamokoh says

    October 24, 2024 at 2:05 pm

    If an organization can only filter either incoming or outbound traffic, it is generally more critical to filter incoming traffic. From the perspective of the three security objectives:

    a). Confidentiality: Incoming traffic filtering can block malicious actors from accessing sensitive data and unauthorized access attempts.

    b). Integrity: Filtering incoming traffic prevents the introduction of malicious code or malware that could compromise data integrity.

    c). Availability: Blocking harmful incoming traffic reduces the risk of denial-of-service attacks and system overloads, protecting system availability.

    While outbound filtering is important to prevent data exfiltration, focusing on incoming traffic first is crucial because it acts as the primary defense against external threats that could compromise all three security objectives.

    Log in to Reply
    • Nelson Ezeatuegwu says

      October 25, 2024 at 10:51 pm

      Hi James

      I like how you pointed out the importance of outbound filtering to prevent data exfiltration because it can prevent malicious software already inside the system from communicating with external servers, thus hindering data exfiltration and further infection, even if an attacker has managed to gain initial access to the network.

      Log in to Reply
  2. Christopher Williams says

    October 25, 2024 at 3:58 pm

    If I had to choose, I’d focus on filtering incoming network traffic because it more directly protects all three main security goals: confidentiality, integrity, and availability. Blocking incoming threats, like unauthorized access, helps keep sensitive information safe from outside attackers and limits exposure of confidential data. It also protects data integrity by stopping harmful code that could alter or corrupt important information. Referring to what is mentioned in question 3, filtering incoming traffic reduces the risk of denial-of-service attacks, which could otherwise disrupt access for users. While filtering outbound traffic is important to prevent data from leaking out, focusing on incoming traffic provides stronger overall protection by stopping threats at the entry point.

    Log in to Reply
    • Brittany Pomish says

      October 28, 2024 at 8:33 pm

      Good point Chris. I agree with focusing on inbound traffic to provide stronger overall protection. It seems like outbound is a secondary thought, while inbound focuses on building a strong barrier around the company. When thinking about outbound, the security objective that comes to mind is mainly confidentiality.

      Log in to Reply
  3. Nelson Ezeatuegwu says

    October 25, 2024 at 10:03 pm

    With respect to the information system security objectives (i.e. confidentiality, integrity, and availability), I would choose to block the inbound traffic, an attacker must enter a network to begin a breach, blocking inbound traffic will prevent unauthorized traffic from entering the network which protects sensitive information from being stolen and confidentiality of data.

    Blocking inbound traffic prevents malware attacks which includes viruses and worms that are self-replicating, spread from host to host by making copies of themselves. They carry pieces of code attached to a normal file or program, when the program is run, the code is executed and copies itself to infect other files thereby breaching the integrity of the affected files.

    Blocking the inbound traffic prevents distributed denial of service attack which targets server by overwhelming it with a flood of internet traffic, it also contributes to maintaining system stability and ensuring data availability

    Log in to Reply
    • Christopher Williams says

      October 26, 2024 at 12:21 pm

      Keeping out malware at the entry point is essential for stopping threats before they have a chance to harm files or disrupt systems. It’s definitely a smart approach for overall network security since phishing can compromise sensitive information and lead to further attacks. Although from a security standpoint it makes sense, and I agree. It still makes you wonder how should organizations balance blocking inbound threats with ensuring employees can still access external data without constant interruptions.

      Log in to Reply
      • Nelson Ezeatuegwu says

        October 26, 2024 at 8:05 pm

        Hi Chris

        My view is that every Organization would like to apply the baseline securities and deal with the inconveniences that comes with it, for instance in my company (mid size company) we release 10 emails on average everyday in Microsoft windows defender, users must give us a confirmation before those emails are released whenever Windows defender flags it.

        Log in to Reply
  4. Tache Johnson says

    October 26, 2024 at 3:03 pm

    It’s better to filter internet traffic than outbound network traffic if a company has to choose. This is necessary to achieve confidentiality, integrity, and availability in information security. By screening incoming communications, the company may secure critical data and maintain confidentiality. It also blocks viruses and ransomware that might affect network data integrity. Controlling incoming traffic decreases the danger of DDoS assaults and other external disturbances, ensuring key services and systems are available. The company may secure critical data and maintain confidentiality by screening incoming communication, helps the business build a solid defensive perimeter and guard against external threats, reducing vulnerabilities and ensuring safe operations.

    Log in to Reply
    • Andrea Baum says

      October 26, 2024 at 8:33 pm

      You present a strong case for focusing on incoming traffic filtering, especially when it comes to preserving confidentiality and data integrity. By protecting critical information and reducing the risk of DDoS attacks, this strategy creates a solid defense against external threats while ensuring that essential services remain available.

      Log in to Reply
    • Neel Patel says

      October 29, 2024 at 9:39 am

      Hi Tache! I agree that focusing on inbound traffic provides stronger overall protection. Inbound focuses on building more protection around the company. Outbound is not the primary concern. When I think of outbound, my mind leads to confidentiality. Monitoring outbound traffic helps protect against data leaks or unauthorized transmissions, which could compromise sensitive information if employees accidentally send out confidential data.

      Log in to Reply
  5. Ericberto Mariscal says

    October 26, 2024 at 5:55 pm

    If I could only filter and selectively block one network traffic, I would concentrate on incoming network traffic.
    • Confidentiality – blocking and filtering incoming traffic would help prevent unauthorized access to sensitive data. As we’ve learned, malicious actors often exploit vulnerabilities by sending harmful attacks into the network.
    • Integrity – incoming traffic filtering helps ensure that data entering the network is legitimate and has not been tampered with. It would reduce the risk of data integrity breaches by blocking malicious codes that could change data.
    • Availability – blocking harmful incoming traffic can prevent DoS attacks, which aim to overwhelm a targeted network, making the services unavailable for a period of time. By filtering incoming traffic, network availability is maintained and ensures that resources are accessible for end users.
    A case could be made to filter on either side, however I believe that focusing on incoming traffic provides a stronger initial defense, safeguarding the network’s core security objectives. Most external threats come from the internet into the network, by focusing on incoming traffic, we can significantly mitigate the incoming risk of attacks.

    Log in to Reply
    • Vincenzo Macolino says

      October 28, 2024 at 6:16 pm

      Eric, I agree with you and would focus on filtering incoming traffic. However I think it is important to also consider the positives of filtering outbound traffic as well. Filtering outbound traffic adds a layer of protection against data loss, integrity breaches, and availability risks originating within the network instead of trying to filter traffic as it is incoming.

      Log in to Reply
      • Brittany Pomish says

        October 28, 2024 at 8:35 pm

        I agree with you as well Eric. However, to Vincenzo’s point, outbound filtering appears to be more of a secondly defense. While it’s important, focusing on inbound helps build a barrier and high security around the 3 security objectives. It seems like filtering outbound mainly addresses the confidentiality objective.

        Log in to Reply
        • Ericberto Mariscal says

          October 29, 2024 at 6:28 pm

          Hi Brittany and Vincenzo,

          I agree, outbound filtering plays an essential role in preventing data exfiltration and ensuring that confidential information does not leave the network. Balancing both inbound and outbound is vital but prioritizing inbound helps fortify the organization.

          Log in to Reply
  6. Andrea Baum says

    October 26, 2024 at 7:22 pm

    Filtering incoming traffic is essential for maintaining confidentiality, integrity, and availability. By managing this traffic, organizations can block unauthorized access and prevent malicious intrusions, protecting sensitive data. It also safeguards data integrity by preventing harmful payloads from entering and corrupting systems. Additionally, filtering incoming traffic reduces the risk of attacks like distributed denial-of-service (DDoS), helping to ensure network availability.

    Log in to Reply
  7. Neel Patel says

    October 27, 2024 at 12:09 pm

    To prioritize IS security objectives, I would focus on filtering and blocking incoming traffic to protect confidentiality, integrity, and availability. Controlling incoming traffic mitigates threats from malicious actors trying to access or damage internal systems, while also preventing malware or unauthorized data access, which is critical for all three security objectives.

    Log in to Reply
  8. Vincenzo Macolino says

    October 27, 2024 at 1:02 pm

    I would prioritize blocking incoming traffic for addressing confidentiality, integrity, and availability. For confidentiality incoming traffic filtering protects personally identifiable information by blocking phishing attempts, or malicious attachments. By stopping potential attacks and filtering incoming traffic, an organization is able to protect their data from being tampered with. In respects to integrity, it is essential that an organization can maintain the reliability of their data and resources, filtering incoming traffic allows for organizations to protect their data before it can be altered. Distributed Denial of Service attacks are common and are designed to disrupt service and degrade availability. By filtering incoming traffic an organization is able to block malicious traffic and ensure that servers and networks are less vulnerable to unwanted traffic that could take systems offline.

    Log in to Reply
  9. Cyrena Haynes says

    October 27, 2024 at 1:15 pm

    I would prioritize incoming network traffic to address the three security objectives: confidentiality, integrity, and availability. Incoming filtering is essential for protecting sensitive information from external threats. By controlling incoming traffic, the organization can block unauthorized access attempts, thereby preventing malicious actors from infiltrating the network and accessing confidential data. This approach reduces the risk of data breaches and maintains the confidentiality of sensitive information. Monitoring incoming traffic can help protect the integrity of information systems. By filtering these incoming requests, the organization can prevent corrupt data from entering the system, thereby preserving data integrity, and reducing the likelihood of an attacker manipulating data. By focusing on incoming traffic, the organization can maintain continuous service availability for users, protecting against disruptions that could significantly impact operations.

    Log in to Reply
  10. Benjamin Rooks says

    October 27, 2024 at 4:31 pm

    I would block incoming traffic. This is because it affects all CIA the most out of the two.
    C – With incoming traffic blocked you only need to worry about leaks from internal actors instead of worrying about breaches from the rest of the world.
    I – Same as C, only internal threats could affect and change your data.
    A – Presumably everyone who would need to access your network would have access to it, so Availability would not be disrupted.

    Log in to Reply
    • Dawn Foreman says

      October 28, 2024 at 10:45 am

      I agree that following the security objectives blocking.filtering incoming traffic would be teh smartest of the two for a business to mitigate the most risk. In terms of availabiity, availability could be affected if incoming traffic was not blocked. Systems would be be vulnerable to cyber attacks that could potentially disrupt the system.

      Log in to Reply
      • Benjamin Rooks says

        October 29, 2024 at 7:33 pm

        Right I agree with you, I was talking about filtering incoming traffic in an effort to block cyber attacks. I think that we’re in agreement overall that blocking incoming makes the most sense.

        Log in to Reply
  11. Aisha Ings says

    October 27, 2024 at 6:08 pm

    If I were to selectively block one network traffic mechanism, I would block incoming traffic, as it provides the best protection across the board:

    It safeguards confidentiality by preventing external attackers from accessing sensitive information, using advanced firewalls and intrusion detection systems (IDS) to block unauthorized access.
    It protects integrity by blocking harmful payloads that could alter or corrupt data.
    It maintains availability by mitigating external threats, such as denial-of-service attacks, that could disrupt services.

    Log in to Reply
  12. Brittany Pomish says

    October 27, 2024 at 8:01 pm

    While both are important, if I had to choose, I would focus on filtering and blocking incoming network traffic. By focusing on inbound traffic, you can create a stronger perimeter in your overall information systems.

    Confidentiality – Filtering incoming helps prevent unauthorized access to information and gaining access to organization systems.

    Integrity – With focusing on filtering incoming traffic, you can work to prevent malware or ransomware attacks that could alter data.

    Availability – By filtering incoming traffic you can protect against DOS attacks and others that could disrupt availability of services, networks, and data.

    Log in to Reply
    • Cyrena Haynes says

      October 28, 2024 at 7:14 pm

      I agree with prioritizing filtering and blocking incoming traffic as a way to strengthen network security. Focusing on inbound traffic does indeed create a strong first line of defense, addressing the CIA triad effectively. By limiting unauthorized access at the outset, you’re minimizing risks to confidentiality, ensuring that only verified users or systems can access sensitive areas. For integrity, filtering out malware and ransomware threats before they penetrate the network reduces the chances of data alteration or corruption. And for availability, controlling incoming traffic helps mitigate DOS attacks, which can be crucial for organizations relying on continuous access to services and data.

      Log in to Reply
  13. Gbolahan Afolabi says

    October 27, 2024 at 11:18 pm

    Blocking external traffic coming into an organization would be a bigger priority when deciding which flow of traffic to block. Most, if not all external traffic attempting to connect to internal network resources can be categorized as malicious and can prove to be vectors for data exfiltration and denial of service attacks. On the other hand, blocking traffic going out to the internet may undercut productivity as most tools are now Software as a Service (Saas) based and require internet connectivity. Furthermore, employees can receive Security awareness training to combat cyber-attacks.

    When it comes to the Confidentiality, Integrity, and Availability, of an organization’s information and information systems, blocking incoming access will serve as a countermeasure to threat actors using less secured assets to gain access to confidential data and by extension prevent them from gaining escalated access to making unauthorized changes and modifications to information. Lastly, threat actors would be prevented from using attack mechanisms such as Denial of Service (DOS) attacks to overload systems and force them out of commission.

    Log in to Reply
    • Aisha Ings says

      October 28, 2024 at 10:17 pm

      Hey GB,

      Focusing on securing incoming traffic while reinforcing employee awareness through security training creates a balanced approach. This ensures that the organization’s confidentiality, integrity, and availability (CIA) triad is maintained while allowing employees to remain productive. Prioritizing this kind of defense helps reduce the risk of external attacks without compromising the necessary tools employees need to do their jobs.

      Log in to Reply
  14. Dawn Foreman says

    October 28, 2024 at 10:40 am

    If the option to filter or block network traffic coming in or going out, I would say it would be in the interest of the business to block traffic coming in. This would be the best option in respect to the security objectives, CIA. Confidentiality is at risk if a business is unabel to filter incoming traffic. The intenral systems would be more vulnerable to phishing attempts or malware. The integrity of the data will be compromised if malicious code attacks the system. Availability of the data will be limited if there is a ransomware attack or any cyber attack. This is not to say that filtering outgoing traffic is not important as well but if there was one to choose that would mitigate the most risk, it would be to block/fiter incoming traffic.

    Log in to Reply
    • Gbolahan Afolabi says

      October 29, 2024 at 10:05 pm

      Hello Dawn,

      I like the point that you made regarding phishing and distribution of malware. It would prevent threat actors from disseminating malware through phishing techniques and would prove exemplary when paired with a Security Education and Training and Awareness Program (SETA).

      Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (1)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (2)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in