The CIA Triad

The CIA triad is a widely known cybersecurity model. CIA is an acronym for the three parts of the triad: Confidentiality, Integrity, and Availability. These three components come into play when cybersecurity personnel go about securing their data, websites, and other online systems.


The first part of the triad, confidentiality, is essential to the integrity of a system. Protection must be in place to keep confidential information out of the wrong hands. All essential or sensitive data must be kept safe, or the chances are high that it will be leaked. There is an abundance of ways to keep it safe. Data can be stored on offline hard drives, on air-gapped computers, or behind walls of two-factor or biometric authentication (Rouse, 2020). However, that data must still be easily accessible to those who are authorized to access it. This is where the availability part of the triad comes into play.

To keep data easily accessible to those who need it, systems must be constantly maintained and updated, broken or old hardware must be inspected and replaced, and backup plans must exist for when systems do go down (Rouse, 2020). In the case of a fire in the server building, if there isn’t an isolated backup outside of the building, it would take a very long time to get servers back online. In the case of a DoS attack, measures must be in place to either block the attack before it starts or have a beefy enough server to handle it.


Integrity in the triad refers to the credibility and consistency of data. To keep data credible and consistent, measures need to be in place to make sure the data can’t be tampered with. If anyone could go and edit pages on an online dictionary, chances are that not every word would be correct, and many other inappropriate things would inevitably be found. This is why authentication and authorization are so crucial.



Authentication is the ability of a system to verify that a user is who they say they are. As a computer doesn’t have eyes and a consciousness, a variety of methods are used to go about authenticating a user. Usernames and passwords, two-factor authentication, biometrics, crypto keys, security questions, and many more are examples of methods a system can use to verify identities of users.

Authorization is the ability of a system to block certain users from accessing specific data. Put better, it is the ability to allow only certain users to access specific data. This plays a huge role in keeping the confidentiality aspect of the triad in place. This can be done by only allowing creators or admins to access certain files, such as the Google Doc template posted for this. The template can only be edited by the creator so that no one can go in and mess it up.
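The difference between the two checks, shown as an added example that is not part of the original post: a password check answers "who is this?" and a separate owner-only rule answers "may they edit?". The user names, passwords, document record, and status strings are constructed for illustration, and PBKDF2 stands in for whatever password scheme a real system would use.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample data mirroring the template example: one creator, one reader.
USERS = {"creator": make_user("correct horse"),
         "student": make_user("battery staple")}
DOCS = {"template": {"owner": "creator",
                     "readers": {"creator", "student"},
                     "body": "CIA triad template"}}

def authenticate(username: str, password: str):
    """Authentication: verify the user is who they claim to be."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # same work for unknown users
        return None
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return username if ok else None

def authorize(identity, doc_id: str, action: str) -> bool:
    """Authorization: decide what an already-verified user may do."""
    doc = DOCS.get(doc_id)
    if identity is None or doc is None:
        return False
    if action == "read":
        return identity in doc["readers"]   # confidentiality
    if action == "edit":
        return identity == doc["owner"]     # integrity: owner-only edits
    return False                            # default deny

def edit_document(username, password, doc_id, new_body) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, doc_id, "edit"):
        return "403 not authorized"
    DOCS[doc_id]["body"] = new_body
    return "200 updated"
```

A correctly logged-in student still gets "403 not authorized" when trying to edit, which is the point: passing authentication does not grant any particular permission.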







