CIA Triad

Posted by alatt006 on

Abstract

                Cybersecurity consists of three main pillars, these pillars are confidentiality, integrity, and availability. These three, known as the CIA triad, are a model that creates the basis for the development of security systems and provides solutions to potential issues.  There are two requirements to access these systems: authorization and authentication. Authentication verifies a user’s identity and authorization assigns a role to a user. Each role is attached to a different set of data or systems that fit their job or role in the company. By utilizing identity access management and the principle of least privilege, the chance of human error or unauthorized access of data is kept to a minimum. Matching data to who is authorized to access the data is important to keep potential leaks in data. Using these principles will make a business or government more resilient to insider threats and external threats.

CIA Triad

                Confidentiality, Integrity, and Availability represent the foundational principles when designing security systems and solutions to potential issues. Each of these principles is vital to a business or government. Confidentiality to safeguard sensitive information takes many forms: separating data based on the damage it can do in the wrong hands, Two-factor authentication, and biometric verification. Integrity keeps track of all the changes to data, from editing a file or accidentally deleting files. Checksums and digital signatures on documents prevent the denial of the person who accessed and changed files ensuring file security (Hashemi-Pour, 2023).

                Companies and governments need to access data. Ensuring all hardware is properly maintained through software updates and routine physical repairs. In mitigating potential bottlenecks, proper bandwidth to all systems is maintained to reduce downtime. When hardware failures do happen, providing redundancy and failovers will keep systems available to those who need to access the data. Other methods are high-availability clusters or RAID configurations, duplication of data across multiple drives protects sensitive data and increases the uptime that’s needed for a company or government (Hashemi-Pour, 2023).

Authentication vs Authorization

                Dividing users into certain roles ensures that users only have access to resources that are needed to do their job. Access controls are in place to prevent unauthorized access of data, people outside of the network cannot access data without first authenticating.  Authentication ensures the user signing is who they claim to be, authorization determines if the user has permission to access data or system. To give an example of this, a cashier tries to authenticate with a computer system to access personnel records using their own credentials. The system will deny the cashier access since their not a manager, only the manager can access those records. Separating the roles within a company prevents unauthorized access from users inside the company and outside the company. Roles protect critical information for the company and personal information from being compromised. Systems require more than just a username and password, such as device recognition to verify the user is signing into a managed device. Biometric authentication via fingerprint readers or voice recognition to verify user identity. If a user does not have permission to access the resource, they will be denied access (OKTA, n.d.).

                Identity access management (IAM) gives gradual control over what users can access based on their role in the company. IAM operates on the principle of least privilege, which is a security principle that restricts the access privileges of users to the minimum necessary to accomplish assigned tasks (NIST, n.d.). Data breaches are the result of human error, making 90 percent of data breach incidents are caused by employee error (OKTA, 2024). Separating roles increases efficiency and uptime for the company. Restricting access to only what is required for the job reduces human error.

Summary

                The CIA triad encompasses many different aspects in system design and security. Ensuring high availability and data integrity keeps a business reliable and secure. IAM and the principle of least privilege for the best security practices keep work efficient and minimize human error. Separation of data by user roles makes tracking changes to data and data recovery more efficient. A secure and reliable system makes businesses and governments more resilient to potential threats.

References

 

Hashemi-Pour, C. (2023, December). What is the CIA triad (confidentiality, integrity and availability)? Retrieved from techtarget.com: https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on

NIST. (n.d.). Least Privilege. Retrieved from Nist.gov: https://csrc.nist.gov/glossary/term/least_privilege

OKTA. (2024, August 26). Principle of Least Privilege: Definition, Methods & Examples. Retrieved from https://www.okta.com/: https://www.okta.com/identity-101/minimum-access-policy/

OKTA. (n.d.). Authentication Vs. Authorization. Retrieved from Auth0 by OKTA: https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization

Leave a Reply

Your email address will not be published. Required fields are marked *