The CIA Triad

The CIA Triad is built on Confidentiality, Integrity, and Availability. Together, these three concepts underpin the policies and procedures a business relies on to function. Each component of the model aids and protects an organization in a particular way, and by breaking them down we can see how they address and ensure the safety of a business and its customers.

Confidentiality-Authorize

Confidentiality ensures that only individuals authorized to view sensitive information have access to it. According to the reading, the author Wesley Chai writes, “It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands” (para 3). Data is therefore classified from least to most critical according to the harm its exposure to unauthorized users would cause. Critical methods for ensuring confidentiality in an organization are multi-factor authentication, strong passwords, and training that keeps employees aware of the types of threats they may face.

Integrity-Trustworthiness

Integrity refers to maintaining the “trustworthiness” of the data an organization keeps. At any stage of the data’s lifecycle, it is the organization’s responsibility to keep the data from being altered or changed by unauthorized users. Unauthorized modifications to data could lead to disastrous consequences, not only for an organization but potentially for the safety of individuals. Methods for keeping the integrity of data secure often involve data encryption, digital signatures, or hashing.
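To make the hashing point concrete, here is an added example (not from the original post or the cited article) showing why a plain hash detects accidental corruption but a keyed hash (HMAC) is needed to detect deliberate tampering: anyone who can change the data can also recompute a plain hash, but cannot produce a valid HMAC without the key. The key and the sample record are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed example key for the demonstration only; in practice the key
# comes from a secret store and is never written into source code.
INTEGRITY_KEY = b"example-integrity-key-not-for-production"


def sha256_digest(data: bytes) -> str:
    """Plain hash: detects accidental corruption, but an attacker who can
    change the data can simply recompute the hash, so it is not sufficient
    on its own for integrity against deliberate modification."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce a valid
    tag, so it protects against deliberate modification as well as corruption."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    expected = make_tag(key, data)
    return hmac.compare_digest(expected, tag)


def integrity_demo() -> dict:
    """Tag a constructed record, then check an unchanged and a tampered copy."""
    original = b"student_id=12345;grade=B"          # constructed sample record
    tag = make_tag(INTEGRITY_KEY, original)
    tampered = b"student_id=12345;grade=A"          # one byte changed after the fact
    return {
        "original_ok": verify_tag(INTEGRITY_KEY, original, tag),
        "tampered_ok": verify_tag(INTEGRITY_KEY, tampered, tag),
        "hashes_differ": sha256_digest(original) != sha256_digest(tampered),
    }


if __name__ == "__main__":
    print(integrity_demo())
```

The unchanged record verifies, the tampered one fails even though it differs by a single byte, and the plain hashes also differ, which is why a stored hash is useful for spotting corruption; the keyed tag is what stops an unauthorized editor from quietly replacing the hash along with the data.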

Availability-Readiness

Availability means that information must be readily available in a timely manner to those authorized to see or use it. This involves maintaining the hardware, networks, and servers within the organization. Methods for ensuring an organization stays operational and available to users include formulating a business continuity plan and a disaster recovery plan that incorporate backup locations and hardware in case of a natural disaster. Availability can also be supported by keeping software updated.

Authentication and Authorization

Additionally, authentication and authorization are integral parts of the information security field. As mentioned above, authorization is the act of granting access to certain individuals who have a particular job or role. Only permitted individuals will have access to certain resources, which ensures security. Authentication is the process of verifying a user’s identity. Different methods of conducting authentication include the use of physical objects such as ID cards or keys, passwords, or biometrics such as fingerprints or retina scans. Authorization typically follows authentication in any security posture. To give an example, a student at ODU authenticates his identity by signing into Canvas with his unique username and password. Once verified, he is authorized to access his student account and perform only the duties given to the role of a student and no one else.
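The Canvas example above, as an added illustration that is not part of the original post: authentication (checking a salted password hash) returns the user’s role, and authorization then checks that role against a permission table, so a student who signs in correctly can view grades but cannot edit them. The user store, passwords, and role-to-permission map are all constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 100_000   # constructed value for the demo; tune for production hardware


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated password hash so stored credentials are not plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def create_user(store: dict, username: str, password: str, role: str) -> None:
    """Enrol a user: store (salt, hash, role); the password itself is never kept."""
    salt = os.urandom(16)
    store[username] = (salt, hash_password(password, salt), role)


def authenticate(store: dict, username: str, password: str) -> Optional[str]:
    """Verify identity. Returns the user's role on success, None otherwise."""
    record = store.get(username)
    if record is None:
        # Do the same work for an unknown user so timing does not reveal
        # which usernames exist.
        hash_password(password, b"\x00" * 16)
        return None
    salt, stored_hash, role = record
    if hmac.compare_digest(hash_password(password, salt), stored_hash):
        return role
    return None


# Constructed role-to-permission map: each role gets only what it needs.
PERMISSIONS = {
    "student": {"view_grades", "submit_assignment"},
    "instructor": {"view_grades", "edit_grades", "post_announcement"},
}


def authorize(role: Optional[str], action: str) -> bool:
    """Authorization runs after authentication: no role means no access."""
    return role is not None and action in PERMISSIONS.get(role, set())


def access(store: dict, username: str, password: str, action: str) -> bool:
    """Full flow: authenticate first, then authorize the requested action."""
    return authorize(authenticate(store, username, password), action)


def demo() -> dict:
    """Constructed users exercising the allowed and denied cases."""
    store = {}
    create_user(store, "student01", "correct horse battery staple", "student")
    create_user(store, "prof01", "another-long-passphrase", "instructor")
    return {
        "student_view": access(store, "student01", "correct horse battery staple", "view_grades"),
        "student_edit": access(store, "student01", "correct horse battery staple", "edit_grades"),
        "wrong_password": access(store, "student01", "guess", "view_grades"),
        "unknown_user": access(store, "nobody", "anything", "view_grades"),
        "instructor_edit": access(store, "prof01", "another-long-passphrase", "edit_grades"),
    }


if __name__ == "__main__":
    print(demo())
```

Keeping the two steps in separate functions mirrors the order the text describes: a failed authentication never reaches the permission check, and a successful one still only yields the actions assigned to that role.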

Conclusion

Although there are some challenges with maintaining the CIA Triad, this model is foundational for any organization to incorporate into its policies when it comes to data classification and threat modeling. “Thinking of the CIA Triad’s three concepts together as an interconnected system, rather than as independent concepts, can help organizations understand the relationship between the three” (para 8).


Works Cited

Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. TechTarget.
