The Confidentiality, Integrity, and Availability (CIA) triad is a core principle of cyber security that was designed to guide the development and implementation of security policies. It ensures that data is protected from unauthorized personnel (Confidentiality), maintains accuracy (Integrity), and is accessible to users whenever information is needed (Availability). This fundamental framework used in cyber security serves as a foundation for protecting data and systems against cyber threats.
Confidentiality
Confidentiality is one of the three fundamental components of the CIA triad. It focuses on protecting sensitive information from breaches and unauthorized access, ensuring that only authorized personnel or systems can access data. There are many types of threats to confidentiality. One example, mentioned in a blog published by Fortinet, is the Man-in-the-Middle (MitM) attack, in which attackers intercept communications between parties to manipulate or steal confidential information. Keeping data secure and protected is also important for regulations that we have today, like the Health Insurance Portability and Accountability Act (HIPAA), which mandates strict confidentiality standards when handling sensitive health data.
Integrity
Integrity is the second component of the CIA triad that I will be covering. Integrity ensures information has not been manipulated, so that it can be trusted and relied upon. Maintaining integrity within an organization can be done by restricting who can modify data, having multiple copies of critical information in case of corruption, and tracking changes with monitoring systems such as Tripwire. A threat related to integrity could be an insider threat. This includes employees or users who may want to intentionally modify data without authorization. Making sure that there is integrity within a business or organization is crucial for operations, because prioritizing integrity prevents manipulation that could lead to damage to the organization, legal issues, or financial losses.
Availability
Availability is the last of the three components of the CIA triad that will be covered. When a business makes a point of being available, it ensures that the workforce is able to meet operational requirements, such as having timely access to data and applications when needed. When there are hardware failures, natural disasters, or other events outside the organization's control, it is important that data and applications remain available for recovery and for maintaining trust with users. Availability builds trust and communication within an organization and with its customers.
Authentication vs Authorization
Authentication and authorization are both important in cyber security, but they serve different purposes. Authentication is used to make sure the user is who they claim to be, and authorization decides what the user has access to. An example of authentication is when a student logs into their account and is asked to enter a username and password. After the system has confirmed that the information is correct, the user is granted access. Once the student is in their account, they can view their grades and modules, but they cannot edit or upload assignments because they are not authorized for that.
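The student scenario above, written out as an added example (not part of the original essay) that keeps the two checks separate and reports which one failed. The usernames, passwords, the `instructor` role, the action names, and the 401/403/200 return codes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample policy: role and action names are assumptions for illustration.
ROLE_PERMISSIONS = {
    "student": {"view_grades", "view_modules"},
    "instructor": {"view_grades", "view_modules", "edit_assignment", "upload_assignment"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so stored credentials resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt), "role": role}

# Constructed sample accounts (hypothetical users and passwords).
USERS = {
    "alice": make_user("correct horse battery", "student"),
    "prof_b": make_user("lecture-notes-2024", "instructor"),
}

def authenticate(username: str, password: str):
    """Authentication: is the caller who they claim to be? Returns the user or None."""
    user = USERS.get(username)
    # Hash even for unknown usernames so response time does not reveal valid accounts.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    if user is not None and hmac.compare_digest(candidate, user["pw_hash"]):
        return user
    return None

def authorize(user: dict, action: str) -> bool:
    """Authorization: may this already-authenticated user perform the action?"""
    # Deny by default: unknown roles and unlisted actions get no access.
    return action in ROLE_PERMISSIONS.get(user["role"], set())

def handle_request(username: str, password: str, action: str) -> int:
    user = authenticate(username, password)
    if user is None:
        return 401  # identity not proven: authentication failure
    if not authorize(user, action):
        return 403  # identity proven, action not permitted: authorization failure
    return 200
```

A correct password only gets the student past the first check; every action is then tested against the role's permissions, and anything not listed is refused.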
Closing Statement
In conclusion, the CIA triad is used as a foundation for cyber security to ensure that information is protected, without error, and accessible to authorized users. This all might seem tedious but implementing these three principles makes the framework more resilient. This timeless blueprint will continue to navigate the complicated digital world of cyber security.
Work Cited:
What is the CIA triad and why is it important? Fortinet. (n.d.). https://www.fortinet.com/resources/cyberglossary/cia-triad