Nathan Guman
CYSE 200T
February 15, 2025
Information Security Core Principles
BLUF: Confidentiality, Integrity, and Availability (CIA) are the core principles that form the foundation of information security. Authentication and Authorization are vital principles that complement and strengthen the CIA triad, ensuring that data remains secure, protected, and accessible only to the right individuals. “The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency.” (Chai, 2022)
Components of the Triad
1. Confidentiality:
Confidentiality refers to the practice of ensuring that sensitive information is only accessible to those who are authorized to view it. This principle safeguards personal data, intellectual property, and other private information from unauthorized access. Mechanisms such as encryption, access control lists, and secure communication protocols are the most common methods to maintain confidentiality.
2. Integrity:
Integrity ensures that data remains accurate, consistent, and unaltered during storage, processing, or transmission, except by authorized entities. This principle is about maintaining trustworthiness in data. Techniques like hashing, checksums, and digital signatures are commonly employed to validate that data has not been tampered with or corrupted.
3. Availability:
Availability ensures that information is accessible to authorized users whenever it is needed. This principle emphasizes maintaining the functionality and reliability of systems and infrastructure that allow users to access data. It involves implementing measures to ensure system uptime, including redundant systems, load balancing, and regular backups. Security measures such as firewalls and intrusion detection systems also help in maintaining availability by protecting against attacks.
Supporting Principles: Authentication and Authorization
1. Authentication:
Authentication is the process of verifying the identity of users or systems before they can access a resource. It ensures that only legitimate users are allowed to interact with sensitive data. Typical methods of authentication include something only the user would know, such as a password; something only the user has, such as a security token; or something the user is, such as biometric data.
2. Authorization:
After authentication verifies a user’s identity, authorization defines the level of access granted to that individual for the system or data. This ensures users can only interact with items according to their roles or permissions. One of the most common authorization methods is Role-Based Access Control (RBAC): “In an RBAC system, an administrator assigns each individual user one or more roles. Each new role represents a set of permissions or privileges for the user” (Lindemulder and Kosinski, 2024).
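The authenticate-then-authorize flow described in the two sections above, as an added Python example that is not part of the original paper. The role names, permissions, users and passwords are constructed for illustration; an administrator assigns roles, each role maps to a set of permissions, and an access check only consults those permissions after the password check succeeds.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed RBAC policy: each role is a set of permissions (hypothetical names).
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    roles: set


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(name: str, password: str, roles) -> User:
    """Administrator creates a user and assigns one or more roles."""
    salt = os.urandom(16)
    return User(name, salt, _derive(password, salt), set(roles))


def authenticate(user: User, password: str) -> bool:
    """Something the user knows: verify the password in constant time."""
    return hmac.compare_digest(_derive(password, user.salt), user.pw_hash)


def permissions_of(user: User) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def check_access(user: User, password: str, permission: str):
    """Authenticate first, then authorize. Returns (allowed, reason)."""
    if not authenticate(user, password):
        return False, "authentication failed"
    if permission in permissions_of(user):
        return True, "granted by role"
    return False, "not authorized"
```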
Conclusion
The CIA triad is the cornerstone of information security, guiding how organizations protect their digital assets, systems, and data. By upholding Confidentiality, Integrity, and Availability, organizations establish a strong foundation to defend against cyber threats. Authentication and Authorization further bolster this framework by ensuring only authorized users can access information and perform actions according to their specific permissions.