CIA Triad

Cyber-attacks are becoming more frequent and complex. Organizations want solutions for protecting the secrecy, consistency, and availability of their data. This is where the CIA Triad comes into play. CIA stands for confidentiality, integrity, and availability. The CIA Triad acts as a model that guides an organization in designing its cyber security policies. The model does not protect data 100 percent, but it can lead to improved security.
Confidentiality is like the privacy of information. Its purpose is to protect sensitive data from being accessed by unauthorized users. Confidentiality also helps an organization identify which data needs more protection. For example, comparing my Navy Federal app and my Steam account, I would rank the Navy Federal app as more important than the Steam account. The reason is that the app contains my account and routing numbers. The Steam account does not contain any sensitive information. Thus, there is not any risk involved if the account is not well protected.
Integrity is preventing data from being changed or deleted by unauthorized users. An example of an integrity breach is a hacker seizing data and altering it. Integrity ensures that data remains consistent, reliable, and accurate. The final component, availability, ensures that systems and data can be readily accessed any time a user needs them.
There are various ways organizations can implement confidentiality, integrity, and availability. For example:
Confidentiality:
• Two-factor authentication
• Data handled based on an organization’s privacy level
Integrity:
• Have backups
• Have data logs and access control
Availability:
• Update software and applications constantly
• Have a data recovery plan
• Server monitoring systems

There are distinct differences between authentication and authorization. Authentication involves verifying the identity of a user, while authorization is verifying whether the user does or does not have access to a system. An example of authentication is an individual passing through security at an airport. The individual has to present an ID or passport to confirm that they are who they say they are. For authorization, an example is an employee who has passed the authentication process, with a system then checking what level of access that employee has in the company.
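The employee example above, as an added sketch that is not part of the original post: authentication checks the password first, and only then does authorization compare the employee's access level against what the resource requires. The user names, passwords, access levels, and resources are all constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash; the plaintext password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password: str, level: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "level": level}

# Constructed sample data (hypothetical employees and policy).
USERS = {
    "alice": make_user("correct horse battery", "manager"),
    "bob": make_user("tr0ub4dor&3", "staff"),
}
LEVELS = {"staff": 1, "manager": 2}
REQUIRED = {"timesheet": "staff", "payroll": "manager"}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this person who they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown names are not answered faster than known ones.
        _hash(password, b"\x00" * 16)
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])

def authorize(username: str, resource: str) -> bool:
    """Authorization: may this already-authenticated user use the resource?"""
    user = USERS.get(username)
    required = REQUIRED.get(resource)
    if user is None or required is None:
        return False  # deny by default when the user or resource is unknown
    return LEVELS[user["level"]] >= LEVELS[required]

def access(username: str, password: str, resource: str) -> str:
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, resource):
        return "403 not authorized"
    return "200 ok"

if __name__ == "__main__":
    print(access("bob", "tr0ub4dor&3", "payroll"))  # authenticated, but denied
```
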


