“The CIA triad is a widely used information security model that can guide an organization’s efforts and policies aimed at keeping its data secure” (Fruhlinger). CIA stands for Confidentiality, Integrity, and Availability. Confidentiality means that certain data and resources can be accessed only by the individuals authorized to do so. Integrity means that the data and resources are protected from changes by unauthorized individuals, so that the data stays reliable. That leaves Availability, which means that authorized individuals are able to access the data and resources when they need them. The CIA Triad does not have a founder, but “Ben Miller, a VP at cybersecurity firm Dragos, traces back early mentions of the three components of the triad in a blog post; he thinks the concept of confidentiality in computer science was formalized in a 1976 U.S. Air Force study, and the idea of integrity was laid out in a 1987 paper” (Fruhlinger).
The CIA Triad is a security model that serves to protect organizations and keep their data secure and safe from changes by unauthorized individuals. “Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the CIA. Based on that evaluation, the security team implements a set of security controls to reduce risk within their environment” (Walkowski). Authentication and authorization are both examples of security controls. Authorizing an individual means making sure that the person is authorized to access information, using cryptographic keys (for example, passwords) to determine who you are, whereas authentication determines who has the right to access the data (Fruhlinger).
“Examples of attacks that affect confidential information are bank account statements, credit card information, and government documents. Examples of attacks that affect integrity include data diddling attacks, session hijacking, and MITM attacks. Lastly, examples of attacks that may affect availability are DoS and DDoS attacks, SYN flood attacks, and physical attacks that may interfere with servers” (Ghahrai).
References:
Fruhlinger, J. (2020). The CIA triad: Definition, components and examples. Information Security Relies on Keeping Data Secure, Integral, and Available—but Tradeoffs Are Necessary in Real-world Scenarios.
Walkowski, D. (2019, July 09). What Is The CIA Triad? Retrieved September 27, 2020, from
Ghahrai, A. (2020, May 01). Confidentiality, Integrity and Availability. Retrieved September 27, 2020, from https://devqa.io/confidentiality-integrity-availability/