Before considering how cybersecurity systems bring meaning to our social interactions
and their value within technological environments, it would first be valuable to discuss some of
their guiding principles to better attain an understanding of them. The CIA Triad lays some of
the groundwork for a foundational understanding of cybersecurity professionals and their goals.
Cybersecurity principles also play a vital role in assuring data is only accessed and modified by
those authorized to do so. Through training and building a proactive rather than reactive
cybersecurity approach, attacks which could impede business operations with immense financial
consequences, such as ransomware, can be avoided.

The CIA Triad and Access Control principles

Sometimes referred to as the AIC to avoid confusion with the CIA Agency,
Accessibility, Integrity, and Confidentiality form the backbone of cybersecurity, ensuring
data is protected, accurate, and available only to those it should be in a timely manner.
Confidentiality are rules that limit access to information, Integrity assures that information
is trustworthy and accurate, while availability ensures reliable access to that information
but only to those allowed to access it (Chai, 2022). Each principle plays a vital role in
cybersecurity and can be elaborated further with specific examples.

Confidentiality

Users who have access to particularly sensitive data should receive extra training
on the risks involved with handling that data as well as methods to safeguard against the
risks. Confidentiality also suggests that users who are in such a position should be trained
on the best practices of passwords such as using a strong password, not sharing it or
writing it anywhere it could be found, as well as utilizing tools such as 2 Factor-Auth,
security tokens, or an “air-gapped” computer. Air gapped computer describes a pc that is
isolated from the network and other computers which are connected to the network
(Flinders, Smalley, 2025).

Integrity

Imagine a hospital storing critical patient data on a secure server. Integrity plays a
vital role in ensuring this data remains accurate and unaltered, protecting it from both
human errors and external manipulations. At its core, digital data consists of 0s and 1s,
stored and processed using electrical charges within capacitors. However, this structure
makes it vulnerable to unintended alterations, such as those caused by electromagnetic
pulses, which can disrupt the integrity of stored information. Maintaining data of good
integrity means utilizing backup systems to provide redundancy such as version control,
checksums for verification, backups, and even “digital signatures for nonrepudiation
measures” (Chai, 2022). This way data is backed up, and users are held accountable for
their actions within the environment.

Availability

What good would protecting and ensuring validation of data do if it were unavailable
to those who needed it most? To ensure availability of crucial data, it is essential that both
hardware and software systems be maintained on a regular schedule. Hardware should be
upkept to maintain a properly functioning operating system environment that is free of
software conflicts and provides proper bandwidth to prevent bottlenecks in
communication. In the worst-case scenario a plan must be in place to recover from an
attack and restore business operations. Some additional measures that could be taken
include utilizing RAID, failover, and other methods of redundancy. Monitoring systems
should be utilized so that a breach would be quickly discovered and an incident response
plan placed into action.

Access control

Unfortunately, society is chaotic and because of this cybersecurity efforts must be
made when building software that is going to involve storing sensitive data. I personally
tackled this cumbersome task with the last Android Application I constructed. In a
protected system, it’s important that anyone manipulating data is properly identified.
There are many methods of authentication, and most people online are exposed to them
on a regular interval including email/password, 2 factor auth where it sends a text to your
phone, perhaps an application where you click “Yes/No”, or maybe the user has an SSH
key.

Authentication vs authorization

The idea of authentication is verifying who you are while authorization focuses on
what you are allowed to do within this environment. Everyone entering my application had
to be authenticated, and if they elected to utilize the “Continue as a guest” function that I
had, they were not authorized to post data to the database. This was essential to
protecting my resources as storing data on a server costs money and I only wanted
genuine users to create authentic content. Authorization was a very important concept
within that environment due to my integration of social media like features such as
messaging. I placed policies in my database rules that users could only delete their own
data that they created this way user 1 couldn’t modify/delete user 2’s recipe they posted,
however as the server owner I could modify anyone’s data if necessary. I also allowed
groups to be formed, and groups could have moderators with control of all the posts within
that group. Authentication and later authorization would provide certain users with a
different GUI showing their escalated privileges.

The CIA triad and access control principles are fundamental to
cybersecurity, ensuring data remains protected, accurate, and accessible only to
authorized users. By implementing strong authentication and authorization measures,
individuals and organizations can safeguard sensitive information from both internal
misuse and external threats. As demonstrated in my own application, proper security
protocols not only protect digital assets but also enhance user trust and system reliability.
In an increasingly digital connected world, understanding and applying these cybersecurity
principles is essential for maintaining secure and robust systems.

The attack coming to eat Availability – Ransomware

Ransomware has teeth, and in the evolving landscape of cyber-security, few attacks pose
as serious a threat to availability as Ransomware. A form of malware that is specifically
designed to disrupt, damage, or obtain unauthorized access, ransomware is a type of
software that directly attacks an organization’s ability to operate. Attackers utilizing this
method don’t cast a wide net for a smash and grab style attack but rather research a
company and perform a methodical intrusion. Such attacks don’t just interrupt workflows;
they undermine the very trust that sustains organizations. In addition to being encrypted
out of its own data, an organization faces a potential chain reaction of severe
consequences including regulatory penalties, reputational damage, and the looming
threat of future breaches using stolen data.

According to the Cybersecurity & Infrastructure Security Agency’s Ransomware Guide
(CISA, 2024), these attacks are increasingly “strategic, persistent, and financially
motivated,” with modern variants employing double extortion, threatening both data loss
and public exposure. Similarly, Fortinet (2025) highlights that phishing emails, Remote
Desktop Protocol vulnerabilities, and software flaws remain primary vectors, underscoring
the need for layered defenses. The importance of monitoring and isolation of physical
hardware must also be stressed in this context for if an attacker was able to gain access to
the system, they could install it manually via download or even USB.

Fortunately the risk can be mitigated though proper training and strict adherence to these
standards: Don’t click suspicious links or attachments in emails from unknown senders;
these should be filtered and placed in spam as suspicious automatically. Endpoint
protection should be utilized that features monitoring of the behavior occurring on the
network. Patches should be applied regularly to maintain an up-to-date system. Unused
RDP ports should be secured and encrypted with 2FAuth. Lastly, all employees interacting
with the system should be trained in the risks associated with the consequences of
allowing a ransomware attack to occur. “Ransomware is more about manipulating
vulnerabilities in human psychology than the adversary’s technological sophistication.” –
James Scott, Institute for Critical Infrastructure Technology.

Bringing it all together

Ultimately cybersecurity systems are not just technological structures but rather
pillars which build the foundation of our modern infrastructure and allow for the secure
exchange of information in a digital space. Beyond their technical function, cybersecurity
frameworks like the CIA Triad and access control mechanisms reflect and reinforce core
societal values like trust, accountability, privacy, and resilience. They shape how we
interact, how we govern, and how we protect our digital identities in an increasingly
interconnected world. As we continue to digitize every aspect of life, cybersecurity
becomes not only a defense mechanism, but a defining structure of social order and digital
citizenship.

Cited:

• Cybersecurity & Infrastructure Security Agency. (2024). Ransomware guide. U.S.
  Department of Homeland Security. Retrieved from
• Fortinet. (2025). How to prevent ransomware. Retrieved from
  Chai, W. (2022, June). What is the CIA Triad? Definition, Explanation, Examples.
  Flinders, M., & Smalley, I. (2025, April 17). What is an air gap?. IBM.