CIA Triad

BLUF

This article by Wesley Chai is about the CIA Triad, which is an acronym for confidentiality, integrity, and availability, based on keeping computer systems and data safe.

Confidentiality

Confidentiality has to do with keeping information secure so that nobody else has access to it. Some methods that improve confidentiality are using secure passwords to access sensitive data and making sure only the correct people have access by using the principle of least privilege. Another would be training employees to see through scams like phishing and whaling so that they don’t accidentally give away that information.

Integrity

The integrity of data is determined by whether there were any unauthorized changes made to it. One way you can check this is by matching digital signatures from previous backups, because if no changes were made, the hashes will be identical.  Another method to help with this would be to keep logs of everyone who logged in to a certain server or accessed a specific document. This can also help with nonrepudiation because if someone did access a document, you could ask them to bring up the logs to verify if it was them or a threat actor. 

Availability

Availability refers to keeping the data available for access and keeping the systems that house it up and running. One possibility to improve this is by having a disaster recovery plan. This is a list of steps on what to do in case of an emergency, like the power going out or the entire system going offline from an attack.  One step of this plan that would be towards the top of the list as a preventative measure would be to have backup generators if the power goes out, so that the time the data is offline is minimized. Another step would be to have dedicated hot, warm, and cold sites for use in case of an emergency, like a whole building is destroyed in a natural disaster. 

Conclusion

The article by Wesley Chai was very informative about ways the CIA triad works and explains it very well, even using examples of what people would do in a real-life situation for each part of the triad. 

References

“What Is the CIA Triad_ Definition, Explanation, Examples – TechTarget.pdf.” Google Docs, drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view.