Josh Whetzel CYSE200T 9:30AM
The CIA triad is the best security model that a company can use. Following it keeps your company's data confidential and available and preserves its integrity. Keeping these three things at the top of your list will ensure that your company or business stays secure.
The CIA triad is the most commonly used model for any organization. The CIA triad has no official creator or founder. Also, the CIA in this sense does not stand for Central Intelligence Agency. It stands for the three principles of the model: Confidentiality, Integrity, and Availability. The ancestry of this idea traces back about four or five decades.
The confidentiality in this model represents security. Keeping something confidential means that only selected people will be able to see it. It may also mean authorizing specific users rather than allowing general access. An example of a failure to do that would be something like the Marriott hack. They had been compromised for an extended period before they even detected a breach or noticed something wrong. This cost them the information of about 5 million people that did business with them. This was not the first time they had been hacked and probably will not be the last.
Confidentiality has two main branches: Authentication and Authorization. Authentication is making sure a user is who they say they are. This could be done with an ID, a driver's license, a passport, a security token, your fingerprints, or even your eyes (like your phone's facial recognition). Authenticating people before they enter a building or a virtual system is just another way to ensure everyone's and everything's safety.
The other main branch of confidentiality is Authorization. Authorization is related to authentication but is still distinct from it. Authorization determines who can work on a project and who cannot. This means the people that are supposed to be working on something will be the only ones working on it, not just anyone. A good example of this would be a whitelist. Whitelisting is one of the best ways to ensure security. It is kind of like an unlisted YouTube video: the video is there, but only people that have the link can view it. On a larger scale you would do this with servers, whitelisting the IP addresses of people working from home on remote access or only allowing LAN devices to connect.
Integrity is what the I in CIA stands for. Integrity is the upkeep of data. It keeps the data secure and allows only authorized users to make changes. Almost every company will have this so that their data stays secure but can still be worked on and edited while keeping its integrity. This is unlike Wikipedia, where anyone that creates an account and logs in to the site can go into any page and edit the data with no consequence, whether the information is true or not. An example of integrity would be an audit log. An audit log shows the exact date and time, down to the millisecond, of which user or users made an edit and what they changed.
The last branch of the CIA triad is availability. Availability makes sure that the data is accessible. However, this ties in with the other two branches. The data being available does not mean that just anyone can access it. Only authorized users will be able to access the data. Usually big companies will outsource the management of the availability of their data and resources to other, smaller companies.