All About the CIA Triad

The CIA triad is one of the most important concepts in information security. I’m not referring to the well-known American intelligence agency. I’m talking about a model that describes the three goals every security control is meant to serve:

Confidentiality, Integrity, and Availability.

Ideally, you want your data to be confidential, have integrity, and be available, whether you’re working in your home office as I am or you’re running a massive datacenter. I’ll explain each component and some of the information security measures designed to ensure it.

Confidentiality

Confidentiality is all about making sure that data is accessible only to its intended parties. Attacks on confidentiality can include:

  • Cracking encrypted data
  • Man-in-the-middle attacks on plaintext data that is intended to be private (Why isn’t it encrypted then?)
  • An employee copying sensitive data onto removable media such as SD cards or optical discs and handing it to unauthorized parties
  • Installing spyware on a server that holds private information so that it transmits that data to attackers
  • Doxxing, which is leaking private information (such as social security numbers or phone numbers) about an individual or organization in order to do harm

Cryptography is mainly about protecting confidentiality, but it also protects integrity. File and folder permissions, authentication mechanisms, and access control lists can also protect confidentiality. Confidentiality can also pertain to information that isn’t digital. If your office has a paper shredder, using it on paper documents containing private information is also an information security measure that protects confidentiality.

Integrity

Integrity is all about making sure that data is kept intact and is not altered in an unauthorized way. Attacks on integrity can include:

  • Compromising a web server in order to embed malware into its web pages and server-side scripts
  • Maliciously accessing a financial server (Read more...)
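To make the link between confidentiality and integrity concrete (the point that cryptography protects confidentiality first and integrity only when a check is added), here is an example added to this page, not code from the original post: a toy XOR stream cipher keeps a message secret, yet a simulated in-transit modification of a known field changes a payment amount without detection; adding an HMAC tag (encrypt-then-MAC) makes the same modification detectable. The keystream construction, key names, and sample message are constructed for illustration only.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 over nonce || counter (teaching aid, not a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream. The same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext followed by a 32-byte HMAC-SHA256 over nonce || ciphertext."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes):
    """Check the tag in constant time before decrypting; None signals tampering."""
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_crypt(enc_key, nonce, ct)

def simulate_tamper(blob: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model an in-transit modification of a known field: XOR in (old ^ new), no key needed."""
    patched = bytearray(blob)
    for i, (o, n) in enumerate(zip(old, new)):
        patched[offset + i] ^= o ^ n
    return bytes(patched)

def demo():
    """Returns (result with encryption only, result with MAC intact, result with MAC after tampering)."""
    enc_key, mac_key, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(12)
    msg = b"PAY 0100 TO ALICE"  # constructed sample message; the amount field starts at byte 4
    ct = xor_crypt(enc_key, nonce, msg)
    silently_changed = xor_crypt(enc_key, nonce, simulate_tamper(ct, 4, b"0100", b"9999"))
    sealed = seal(enc_key, mac_key, nonce, msg)
    intact = open_sealed(enc_key, mac_key, nonce, sealed)
    rejected = open_sealed(enc_key, mac_key, nonce, simulate_tamper(sealed, 4, b"0100", b"9999"))
    return silently_changed, intact, rejected

if __name__ == "__main__":
    print(demo())  # (b'PAY 9999 TO ALICE', b'PAY 0100 TO ALICE', None)
```

The first result shows a confidentiality control doing nothing for integrity; the third shows the verifier refusing the modified message instead of returning altered data.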

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog