Cyber-attacks are becoming more frequent and complex. Organizations want solutions on how to protect the secrecy of data, consistency of data, and availability of data. This is where the CIA Triad comes into play. CIA stands for confidentiality, integrity and availability. The CIA Triad acts like a model, and guides an organization to design policies for cyber security. The model does not 100 percent protect data, but can lead to improved security.
Confidentiality is like the privacy of information. The purpose is to protect sensitive data being accessed by unauthorized users. Confidentiality, also helps an organization to list what certain data needs more protection. For example, comparing both my navy federal app, and steam account, I would list my navy federal app more important than the steam account. Reason being that the app contains account, and routing number. The steam account does not contain and sensitive information. Thus, there is not any risk involved if the account is not well protected.
Integrity is preventing any data bring changed or deleted from unauthorized users. An example of an integrity beach, is if a hacker seizes data and alters it. Integrity ensures that data remains constant, reliable and accurate. The final component, availability, ensures that systems, or data can be readily accessed to anytime a user needs them.
There are various methods organizations can implement confidentiality, integrity, and availability. For example:
Confidentiality:
\u2022 2 factor authorization,
\u2022 data handled based on an organization\u2019s privacy level.
integrity:
\u2022 Have backups
\u2022 Have data logs, and access control
Availability:
\u2022 Update software and applications constantly
\u2022 Have a data recovery plan
\u2022 Server monitoring systems<\/p>\n\n\n\n
There are distinct differences between authentication, and authorization. Authentication involves the verification of a user, while authorization is verifying is the user does or does not have access to a system. An example of authentication is an individual passing through security at an airport. The individual has to present an Id or passport, to give clarification that they are who they say they are. For authorization, an example can be an employee who has passed the authentication process, and a system checking what level of access that employee has in the company.
References
https:\/\/auth0.com\/docs\/get-started\/identity-fundamentals\/authentication-and-authorization
https:\/\/www.techtarget.com\/whatis\/definition\/Confidentiality-integrity-and-availability-CIA
<\/p>\n","protected":false},"excerpt":{"rendered":"
Cyber-attacks are becoming more frequent and complex. Organizations want solutions on how to protect the secrecy of data, consistency of data, and availability of data. This is where the CIA Triad comes into play. CIA stands for confidentiality, integrity and availability. The CIA Triad acts like a model, and guides an organization to design policies… <\/p>\n