The CIA triad is an information security model that rests on three core principles: Confidentiality, Integrity, and Availability. Each represents a different aspect of information security. The model exists to give information security professionals a guideline for designing systems that balance the three principles and ensure none of them is overlooked.

Confidentiality is the principle that only those who should have access to certain information are the ones who actually have it. Some information is sensitive, and there are varying degrees of confidentiality: the more confidential the information, the more defenses it needs. This principle is protected by measures such as passwords, face-scanning technology, or two-factor authentication, since these measures ask for something that only the correct users should have.

Integrity is the principle that data remains in its correct form and is not altered in any way that would harm those who rely on it. Information must be in the correct form to be used properly, so integrity is concerned with keeping data safe from unwanted alteration. Notifying users when changes are made, and exempting certain information from editing unless a password is provided, are some possible defenses against threats to integrity.

Availability is the principle that information is always accessible to those who have been granted permission to access it. It differs from confidentiality in direction: confidentiality seeks to keep information away from those who should not have access, while availability seeks to keep it reachable for those who should. Some of the best defenses are firewalls, stronger servers, and practices such as penetration testing to find vulnerabilities in your own defenses.

Authentication and authorization may sound similar, but they serve two different purposes in information security. Authentication is the verification of your identity, ensuring that you are who you say you are, while authorization ensures that you are permitted to access the information or resources you are trying to reach. For instance, a system may ask for a password, a security question, or facial recognition to authenticate your identity, while to authorize an action it may check your admin status or require admin-specific commands.
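As an added example (not from the original essay), the following Python separates the two decisions described above: authentication proves the claimed identity, authorization decides whether that identity may perform an action. The user store, the users "alice" and "bob", their passwords, and the role-to-action policy are all constructed for illustration.

```python
import hashlib
import hmac

# Passwords are never stored in clear text: keep a salted PBKDF2 hash instead.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed in-memory user store (hypothetical users and roles).
_SALT_ALICE = b"constructed-salt-1"
_SALT_BOB = b"constructed-salt-2"
USERS = {
    "alice": {"salt": _SALT_ALICE, "hash": _hash_password("alice-pw", _SALT_ALICE), "role": "admin"},
    "bob": {"salt": _SALT_BOB, "hash": _hash_password("bob-pw", _SALT_BOB), "role": "viewer"},
}

# Authorization policy: which roles may perform which actions.
PERMISSIONS = {
    "read_report": {"admin", "viewer"},
    "delete_report": {"admin"},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: does the presented secret prove the claimed identity?"""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so an unknown name costs as much time as a wrong password.
        _hash_password(password, b"dummy-salt")
        return False
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, user["hash"])

def authorize(username: str, action: str) -> bool:
    """Authorization: may this (already authenticated) identity perform the action?"""
    user = USERS.get(username)
    return user is not None and user["role"] in PERMISSIONS.get(action, set())

def request(username: str, password: str, action: str) -> str:
    """Full access decision: authenticate first, then authorize."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorized for " + action
    return "allowed: " + action

if __name__ == "__main__":
    # bob is a real user (authenticated) but still may not delete (not authorized).
    print(request("bob", "bob-pw", "delete_report"))
```

The key case is the viewer with a correct password: authentication succeeds, yet the request is still refused because authorization is a separate check.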