Privacy is something we all crave and deem necessary for our day-to-day lives. We may not be hiding any major life secrets, but even the slightest leak of our information can make a major difference and create chaos in our lives. It is therefore key that we protect and secure any and all information we hold and share it only with trusted companions.
Any outside observers should be viewed as a threat.
The CIA-Triad is made up of three major principles for information security in organizations: confidentiality, integrity, and availability. These concepts are much needed in organizations that have valuable data that needs protecting. The CIA-Triad should be viewed as the backbone of security systems.
Why is confidentiality important? As stated above, we should only keep information to ourselves or share it with trusted companions. That is why employers take the time to interview a potential employee and check their background. It is also why applications ask us for references: to see if we can be trusted. We wouldn’t give our debit card to a total stranger, now would we? Of course not. But to our parents or siblings, maybe, no problem.
Why is integrity important? As aspiring cybersecurity experts, we are given the opportunity to learn. With knowledge comes great responsibility, and consequences. We can choose to use our knowledge of technology either ethically or criminally. Being an ethical hacker is useful and can help you and a lot of other people. Being a criminal hacker can land you in jail and harm those whose information you are stealing. In the CIA-Triad, integrity can also simply mean making sure data is accurate.
Why is availability important? If it is your information, you should be able to access it with little to no problem. If it is not your information, it should never be available to you.
Availability ties in closely with authentication and authorization. When working for an organization, you must know where you stand in the pyramid. The owner of the company should have access to all information about his company. He therefore has both the authority and the access, and doesn’t require much authentication, but it is still important. A new employee who is just getting their foot in the door of an IT team, however, only has authorization for certain information, not all. The head of the IT team may have far more information accessible to him due to his time and experience on the job. He has gained trust (confidentiality), and his boss should know by now that he has great integrity.
Authentication is important for an organization. It basically means “Who are you? How can you prove it?” Think of this as MFA (multi-factor authentication), which asks you to prove your identity in more than one way. Plugging in a username and password is not good enough these days. We need extra steps before accessing certain pages and accounts because of the sensitivity of the data they may contain.
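To make the difference between the two checks concrete, here is an added example (not from the original post) that first authenticates a user with two factors and only then asks whether their role is authorized for a resource. The role names, resources, the account `dana` and its secrets are constructed sample values, and the use of a time-based one-time code (TOTP, RFC 6238) as the second factor is an assumption; the post only says MFA needs more than one proof.

```python
import hashlib
import hmac
import struct

# Constructed roles and resources, modelled on the owner / head of IT / new employee pyramid.
ROLE_ACCESS = {
    "owner": {"payroll", "network_config", "helpdesk_tickets"},
    "it_head": {"network_config", "helpdesk_tickets"},
    "new_employee": {"helpdesk_tickets"},
}

def hash_password(password, salt):
    # Store a slow, salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {  # constructed account; every secret here is a sample value
    "dana": {"role": "new_employee", "salt": b"constructed-salt",
             "pw_hash": hash_password("correct horse", b"constructed-salt"),
             "totp_key": b"12345678901234567890"},
}

def totp(key, now, step=30, digits=6):
    """RFC 6238 one-time code: HMAC-SHA1 over the 30-second time counter."""
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def authenticate(username, password, code, now):
    """Who are you? Both factors must pass: something you know, something you have."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    code_ok = hmac.compare_digest(code, totp(user["totp_key"], now))
    return pw_ok and code_ok

def authorize(username, resource):
    """What may you see? Deny unless the user's role explicitly lists the resource."""
    return resource in ROLE_ACCESS.get(USERS[username]["role"], set())

def access(username, password, code, resource, now):
    # Authorization is only evaluated for an identity that has been proven.
    if not authenticate(username, password, code, now):
        return "denied: authentication failed"
    if not authorize(username, resource):
        return "denied: not authorized"
    return "granted"
```

A fully authenticated new employee is still refused `payroll`, and a correct password with a wrong one-time code never reaches the authorization check at all.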