CIA Triad: Confidentiality, Integrity, and Availability

This journal entry will explain the fundamental principles of the CIA Triad, diving into the different components and their purpose.
Introduction
The CIA Triad, often confused with the Central Intelligence Agency (CIA), is an organization’s base model of information security. It revolves around three principal components: Confidentiality, Integrity, and Availability.
Confidentiality
Confidentiality keeps private information secure and accessible only to authorized persons; the public needs to trust businesses with their information. Secured data is classified according to the importance of the information and how much harm it would cause for the information to be breached. One aspect of confidentiality is using strong passwords. The more complicated the password is, the harder it is for unauthorized individuals to gain access to information (Hashemi-Pour, 2023). One vulnerability to confidentiality is phishing attacks; hackers send emails to deceive individuals into giving out sensitive information about themselves. Confidentiality makes certain that only authorized individuals are allowed to access their data.
Integrity
Integrity ensures that information stays accurate and consistent throughout the time it is in the organization’s hands. When data is moved, steps are taken to guard against unauthorized individuals. SQL injection (SQLi) is a common vulnerability that bears directly on integrity; it can allow the attacker to delete and change data (University of Tulsa, 2024). Integrity is also exposed to malware and ransomware, which could change or delete the user’s data. For its entire lifetime, data should be secured and protected from being changed or deleted (University of Tulsa, 2024).
Availability
Availability refers to the accessibility of information for authorized parties. The hardware must be properly maintained, and the systems must always be running. This means that the hardware and systems that store the sensitive information are properly managed. Some availability vulnerabilities include software bugs or misconfigurations, ransomware, or hardware failures (University of Tulsa, 2024). Glitches in the software could cause systems to be down, affecting the availability of data to authorized users. Though this is not a human-caused problem, the cybersecurity or IT team would have to quickly find a solution to fix the bug. It is important to keep systems updated to prevent glitches. Additionally, damage to the servers can restrict users from accessing data. Natural disasters such as floods and fires could have an impact on the infrastructure; the organization must ensure that backup copies are stored to avoid data loss (Hashemi-Pour, 2023). Availability ensures that authorized users are able to access information whenever they please.
Authentication vs. Authorization
Authentication asks whether individuals are who they claim to be, while authorization asks what they are allowed to access. Authentication verifies the user’s identity, confirming that the individual trying to access the data is who they claim to be when they log in. Two-factor authentication is one way to authenticate the user attempting to access the data. Some sites send out text messages with codes to ensure that the phone number in the system matches. Authorization either grants or denies access to authenticated individuals. Once a user is authenticated, the system must determine what they are allowed to access. Authorization gives the user access and permission to certain parts of the system.
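The two checks described above, written out as an added example that is not part of the original entry: authentication (password plus a texted one-time code) runs first, and only then does authorization decide whether the requested action is permitted. The user, roles, actions, and function names are hypothetical and the data is constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a slow, salted hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample data: one user and a role-to-permission table.
_SALT = os.urandom(16)
USERS = {
    "alice": {"salt": _SALT,
              "pw_hash": hash_password("correct horse battery", _SALT),
              "role": "clerk"},
}
PERMISSIONS = {
    "clerk": {"read_record"},
    "admin": {"read_record", "delete_record"},
}

def authenticate(username: str, password: str, code: str, sent_code: str) -> bool:
    """Authentication: is this person who they claim to be?"""
    user = USERS.get(username)
    if user is None:
        return False
    # First factor: the password, compared in constant time.
    pw_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    # Second factor: the code that was texted to the phone number on file.
    code_ok = hmac.compare_digest(code.encode(), sent_code.encode())
    return pw_ok and code_ok

def authorize(username: str, action: str) -> bool:
    """Authorization: what is this authenticated user allowed to do?"""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, set())

def handle_request(username, password, code, sent_code, action) -> str:
    # Identity is established before any permission is looked up.
    if not authenticate(username, password, code, sent_code):
        return "401 not authenticated"
    if not authorize(username, action):
        return "403 not authorized"
    return "200 ok"

if __name__ == "__main__":
    pw = "correct horse battery"
    print(handle_request("alice", pw, "493021", "493021", "read_record"))
    print(handle_request("alice", pw, "493021", "493021", "delete_record"))
    print(handle_request("alice", pw, "000000", "493021", "read_record"))
```

The second request shows a user who is fully authenticated and still refused, because the clerk role does not include `delete_record`.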
Conclusion
The CIA Triad guides information security through the three principles: Confidentiality, Integrity, and Availability. Confidentiality ensures that personal data is only accessed by authorized individuals. Integrity protects private data from unauthorized changes or deletion. Lastly, Availability makes sure that the information is easily accessed when needed by authorized individuals.
