<\/p>\n\n\n\n
The CIA Triad (sometimes called the AIC triad) model is intended to be a guideline for information security policy in an organization. The triad’s three key concepts are confidentiality, integrity, and availability.<\/p>\n\n\n\n
Confidentiality<\/strong> Integrity<\/strong> Availability<\/strong> Conclusion<\/strong> References<\/strong> The CIA Triad (sometimes called the AIC triad) model is intended to be a guideline for information security policy in an organization. The triad’s three key concepts are confidentiality, integrity, and availability. ConfidentialityThe confidentiality concept can be compared to privacy. The more sensitive a piece of data is the more damage can be done by… <\/p>\n
The confidentiality concept can be compared to privacy. The more sensitive a piece of data is the more damage can be done by it falling into the wrong hands. For this reason it is important to ensure that only those authorized are able to access critical information. Authentication with user ID and passwords are two of the most common ways to maintain confidentiality but some organizations will go as far as to keep sensitive data in hard-copy form.<\/p>\n\n\n\n
The integrity concept focuses on maintaining the trust in your data. Back-ups can be used to ensure redundancy in an organization’s data but it cannot by itself prevent malicious changes in data to occur. According to Chai (2022), “digital signatures can be used to provide effective nonrepudiation measures, meaning evidence of logins, messages sent, electronic document viewing and sending cannot be denied.\u201d This can create an obstacle for insider threats and black hat hackers while also leaving a paper trail for authorized users making simple errors.<\/p>\n\n\n\n
The availability concept deals with the consistency of access for authorized users. Whether dealing with hardware or software there are many facets to this concept. Regular hardware maintenance and the evolving hardware requirements are constantly changing and cannot always be predicted. Events like fires, earthquakes, and power outages must be accounted for. Like hardware, software is also constantly evolving. Threats like zero day attacks and denial of service attacks can necessitate very rapid changes in software and hardware.<\/p>\n\n\n\n
The CIA model\u2019s three key concepts should form the base for information security policy. Users should be authorized to access what they need. This authorization should be authenticated with at the minimum a username and password. The information should be protected from being stolen, changed or deleted. Hardware and software should be protected from natural events and hacking threats.<\/p>\n\n\n\n
Hashemi-Pour, Cameron, and Wesley Chai. \u201cWhat Is the CIA Triad?: Definition from TechTarget.\u201d What Is the CIA Triad (Confidentiality, Integrity and Availability)?, TechTarget, 21 Dec. 2023, www.techtarget.com\/whatis\/definition\/Confidentiality-integrity-and-availability-CIA.<\/p>\n","protected":false},"excerpt":{"rendered":"