{"id":282,"date":"2024-01-27T17:34:53","date_gmt":"2024-01-27T17:34:53","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jordan\/?p=282"},"modified":"2024-01-27T17:34:53","modified_gmt":"2024-01-27T17:34:53","slug":"the-cia-triad","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/jordan\/2024\/01\/27\/the-cia-triad\/","title":{"rendered":"The CIA Triad"},"content":{"rendered":"\n<p class=\"has-black-color has-text-color has-link-color wp-elements-8a1039e9f77f65f8ab80185b071dfa41\"><br>In cybersecurity, CIA stands for Confidentiality, Integrity and Availability, which Wesley Chai\u2019s article describes as a model designed to guide security policies within an organization, so that everything that is performed meets these criteria or at the very least comes close to them. It\u2019s essentially an important but bare-minimum model for following security policies as intended. However, the article states that the triad doesn\u2019t always meet the necessary standards and is in need of improvement. Still, these three elements are an important part of meeting security standards.<br>Confidentiality means keeping data, information and other assets as private as possible. Access to important information such as classified data has to be kept within a specific party so that only authorized users can gain access to it, preventing unauthorized access whether it\u2019s intentional or accidental (<em>Fortinet 2024<\/em>). To ensure that information isn\u2019t accidentally leaked to an attacker, for example, security measures should be put in place and kept updated to maintain confidentiality. A direct attack such as a Man in the Middle attack, or MITM, is when an attacker intercepts the data while it\u2019s in transit (Fortinet 2024). 
As a simpler example, telling someone the credentials to an account while someone else listens in would grant the eavesdropper unapproved access to that account or its sensitive data. Knowing how to keep information as private as possible is, however, only the first step of the triad.<br><br><br>Integrity is maintaining data so that it stays legitimate and unaltered should there ever be a breach of confidentiality. However, threats to integrity don\u2019t come only from attackers. Washington University in St. Louis states that system malfunctions can interfere with infrastructure and alter its components as well, as can simple human error. One way integrity can be maintained is to have a backup system such as cloud storage readily available to store untampered data. The WUSTL Box folder will do this automatically wherever data is shared with authorized users (Washington University of St. Louis 2024). Using private or public key encryption while data is being transferred maintains integrity because a public or private key turns the data into ciphertext, meaning that even if there is a direct attack of any kind, the attacker needs a key to decrypt the data they were trying to obtain. Only the person who has the key, who would be an authorized user, can decrypt it. This leads into the last third of the triad, which is Availability.<br>Wesley Chai\u2019s article describes availability as making all the necessary information always available whenever needed, but only to authorized parties. This ties in with the cloud storage and WUSTL Box example mentioned earlier. All infrastructure needs to be secured from unauthorized parties, but events may happen that prevent authorized experts from getting to their resources. A report written by Luke Irwin on IT Governance provides examples of events where availability is hindered. 
In a power outage that shuts off all systems holding information, operations stop until power is restored. If data is encrypted by an attacker through ransomware, the information is once again unavailable to be viewed. <br><br>Since cybersecurity within the CIA triad has a lot to do with authorization and authentication, it\u2019s important to know the difference between them so as not to mix them up when sharing sensitive information. Before any system is accessed, it\u2019s important to know who is being allowed to work with it, which is where authentication takes place and why it happens first, before any other action. The example SailPoint Technologies provides is that, before passengers are let on a plane, they first need to be identified as who they say they are. After the passenger has been identified, it\u2019s time to see what the passenger is boarding the plane for, which would be information such as a destination or a first-class VIP flight. From these examples, authentication is about the person\u2019s identity, whereas authorization is about what the person is allowed to access. <br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In cybersecurity, CIA stands for Confidentiality, Integrity and Availability, which Wesley Chai\u2019s article describes as a model designed to guide security policies within an organization, so that everything that is performed meets these criteria or at the very least comes close to them. 
It\u2019s essentially an important but bare minimum format to follow security policies as&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/jordan\/2024\/01\/27\/the-cia-triad\/\">Read More<\/a><\/div>\n","protected":false},"author":28538,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/posts\/282"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/users\/28538"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/comments?post=282"}],"version-history":[{"count":2,"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/posts\/282\/revisions"}],"predecessor-version":[{"id":287,"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/posts\/282\/revisions\/287"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/media?parent=282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/categories?post=282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jordan\/wp-json\/wp\/v2\/tags?post=282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}