Chase Lawson
The CIA Triad
This paper is going to outline why the CIA triad is so important within information security. Confidentiality, Integrity and Availability are the pillars of cybersecurity. In this fast-changing world we all interact with electronic devices, whether that be a computer or mobile device like a phone or tablet. One of the biggest attributes of today is that everything we interact with may be reachable through applications that can easily be downloaded to these devices. Before modern technology if you wanted to deposit or withdraw a check from the bank more than likely you would have to go directly to the bank. Now you can do that easily from a smartphone. With the easy accessibility of something like banking information can leave end-users vulnerable for theft. This is where CIA triad comes in and this is why it’s so important.
Confidentiality: Confidentiality is defined as measures to prevent sensitive information from unauthorized access attempts. What does that mean? Just about everyone today has an email account and suppose you want to access that email account. What do you need? Mainly a username and password which identifies you as the owner of that email account. With confidentiality that means that no one other than you can access that email account without the username and password. Same thing that goes for banking. If you have a checking account one of the ways they verify who you are is by an account number and routing number that will keep anyone else from accessing your bank account. I will take it a step further. In an organization there is generally a finance department that has access to spreadsheets with very sensitive information. Generally, these documents cannot be accessed without proper permissions that uniquely identify the user. This keeps sensitive information safe from people who aren’t authorized to view that information. Extra steps have been added to help with confidentiality such as Multi-Factor Authentication (MFA) or (2FA). This is an added layer of authentication to identify who you are. This can range from multifactor authentication to a pin number.
Integrity: Integrity is defined as making sure your data is trustworthy and free from tampering. One of the most popular things about the Internet today is e-commerce, mainly online shopping. When online shopping, sensitive information is inserted like credit card information. Hackers will attempt to steal that data and steal your credit card. Integrity is used to make sure that your information does not get tampered with when making online purchases. As data moves from one network to another there must be certainty that data does not get changed or altered in any way when in transit. One way to verify this is non-repudiation where nothing can be repudiated or denied, such as a digital signature in an email.
Availability: Availability is defined as a device like a computer or mobile device or even an atm being available to the people they serve. Without availability attempting to access email or banking information is useless if the device is not online so the information can be retrieved. Data must be stored and backed up regularly in the event of a natural disaster or denial of service attack. If data has become corrupted information would no longer be available. Another issue that can happen if there is a disruption of the backup being restored there would be a good chance that the backup can become damaged. Raid array disks and high availability failover can mitigate these risks of information no longer being available, making sure that information stays available.
In conclusion I have outlined the importance of Confidentiality, Integrity and Availability. Without the CIA triad personal information can either get compromised or become unavailable. The CIA triad work together to ensure that all information becomes and stays confidential when accessing various applications.
https://www.fortinet.com/resources/cyberglossary/cia-triad
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA