CIA Triad

The CIA triad serves as a guide for many organizations. CIA stands for Confidentiality, Integrity, and Availability. It describes the function of these organizations' security systems and is designed to govern and evaluate how organizations handle information daily. You should know that this is not something that is bought but understood. Knowing what your plan will be allows you to set priorities where they matter the most for your situation. Furthermore, security policies lead teams to make productive decisions when it comes to the three elements.

Confidentiality serves its purpose by keeping information restricted from those who are not granted access. Preserving this data by any means necessary could also mean putting the information into a locked box. Essentially, you are dividing all this data into separate sections and allowing access only to the people who should have it. Who is allowed to access certain information depends on the sensitivity of that information. Countermeasures like passwords, access control lists, and authentication procedures should be used.

Integrity is whether you can trust the information to be accurate. Maintaining integrity means not allowing hackers to modify or delete any information. Data in transit should not be modified. To keep data the way it was originally entered, steps should be taken to keep it protected. Most importantly, when someone who was authorized makes a change that should not have been made, they should be able to reverse the damage.

Availability is making sure that all your data is accessible by authorized personnel when needed. Keeping systems up to date and making sure that they can handle the daily information that is stored or transferred is a notable example. The key to this element is keeping everything balanced: monitoring usage, keeping up with new hardware, and disaster recovery.

Authorization is verifying who someone is and whether they can access any data or not. Although you may have access to the data, you may not realize that you will not have access to every file there. This is one of the main ways to keep accounts that have been hacked from reaching valuable data.

Authentication is the process of confirming that someone truly is who they claim to be. It serves as the prerequisite before allowing someone access to information. A few examples include a password or PIN, a token of some sort sent via email or text, and biometrics like fingerprints or voice recognition.
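
The two checks described above can be seen working together in a short sketch. This is an added example, not code from the original post: a password check runs first, then a per-file access control list decides what the account may do, so a stolen password for one account only reaches that account's files. The user names, file names, passwords, and PBKDF2 iteration count are all constructed for the illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this example
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts: username -> (salt, password hash)
USERS = {}
for _name, _pw in (("alice", "correct horse"), ("bob", "battery staple")):
    _salt = os.urandom(16)
    USERS[_name] = (_salt, hash_password(_pw, _salt))

# Constructed access control list: file -> {user: permitted actions}
ACL = {
    "payroll.xlsx": {"alice": {"read", "write"}},
    "handbook.pdf": {"alice": {"read"}, "bob": {"read"}},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this really the account holder?"""
    # Unknown users get a dummy salt and an empty hash, so they always fail
    salt, stored = USERS.get(username, (b"\x00" * 16, b""))
    candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(candidate, stored)

def authorize(username: str, filename: str, action: str) -> bool:
    """Authorization: default deny unless the ACL grants the action."""
    return action in ACL.get(filename, {}).get(username, set())

def access(username: str, password: str, filename: str, action: str) -> str:
    # Authentication is the prerequisite; authorization is checked only after it
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, filename, action):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    print(access("bob", "battery staple", "handbook.pdf", "read"))
    print(access("bob", "battery staple", "payroll.xlsx", "read"))
    print(access("bob", "wrong guess", "handbook.pdf", "read"))
```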
