Kaden Koskovich
September 27, 2020
Cyber security can be complex and confusing. To understand it better, you must know the basic concepts of the CIA triad. Understanding the triad will help you on your way to creating a secure and successful online enterprise.
To start, the CIA triad stands for confidentiality, integrity, and availability. Each aspect of the triad must be incorporated to properly secure data and information. First, confidentiality is all about ensuring the exclusiveness of your systems, data, and information. This is done by using authentication and authorization. Authentication is the verification of a user’s credentials, or making sure their credentials belong to them. Most commonly, users receive passwords or PIN numbers to authenticate their identity. Authorization is restricting access to certain information to certain people, or limiting access to information outside of someone’s specified field. An example of this would be allowing a lab technician access to lab reports but not marketing data. Administrators typically assign clearance levels to users to limit unauthorized access.
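The lab technician case above, as an added example that is not part of the original article: authentication checks a password against a salted hash, and authorization then checks the user's role against the resource. The user names, passwords, role names and resource names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: role names and resources are illustrative assumptions.
PERMISSIONS = {
    "lab_technician": {"lab_reports"},
    "marketing_analyst": {"marketing_data"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(name: str, password: str, role: str) -> dict:
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    return {"name": name, "salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample users.
USERS = {u["name"]: u for u in (
    make_user("dana", "correct horse battery", "lab_technician"),
    make_user("lee", "staple-orbit-41", "marketing_analyst"),
)}

def authenticate(name: str, password: str):
    """Authentication: do the presented credentials belong to this user?"""
    user = USERS.get(name)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(user: dict, resource: str) -> bool:
    """Authorization: is this authenticated user's role allowed the resource?"""
    return resource in PERMISSIONS.get(user["role"], set())

def access(name: str, password: str, resource: str) -> str:
    user = authenticate(name, password)
    if user is None:
        return "denied: authentication failed"
    if not authorize(user, resource):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    for args in [("dana", "correct horse battery", "lab_reports"),
                 ("dana", "correct horse battery", "marketing_data"),
                 ("dana", "wrong password", "lab_reports")]:
        print(args[0], args[2], "->", access(*args))
```

The two checks fail independently: a correct password does not grant access to marketing data, and a permitted role is never consulted when the password is wrong.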
Second, integrity refers to the reliability of your information. If anyone can alter your information, then it lacks integrity. To maintain your integrity, your system must protect your information from unauthorized alterations. The most common ways to protect data integrity are firewalls, encryption, and backups. Firewalls and encryption prevent outside users from accessing your information, and they are difficult to breach without the proper keys. Backups are copies of your information kept in reserve in case of an integrity breach. When there is a need to restore the affected information, the backups will be used. Both backing up and restoring information are vital to repairing your integrity once it has been breached.
Finally, availability deals with the online traffic interacting with your system. Keeping the system’s sites running and ensuring there is enough server space to handle traffic are vital to making your information available. An example of a threat to your availability is a “denial-of-service” (DoS) attack. This type of attack uses artificial users called “bots” to overload your server’s operating capacity. As a result, the server shuts down. To protect your servers from a DoS attack, your system needs to detect suspicious patterns in the user traffic. A common way to prevent bots from entering your system is by using authentication and ensuring that the users are real people.
A system’s success is reliant upon its ability to maintain the confidentiality, integrity, and availability of its information. Information that isn’t private, isn’t reliable, and isn’t available is worthless. Protecting the value of your information is the goal of cybersecurity, and it cannot be done without the CIA triad.