The CIA Triad
Not to be confused with the Central Intelligence Agency, the CIA Triad refers to basic security principles from the early 1990s: Confidentiality, Integrity, and Availability. These three pillars stand as the fundamentals of software security. Every security best practice or framework references the need for these three pillars, either by title or as described in principle within its various domains or safeguard definitions.
Over time, we’ve come to know and understand what confidentiality and availability mean from the likes of Gartner and other analysts. However, one overlooked element has been the lack of definition of what integrity means to the software security practitioner and industry at large. So, what does integrity mean?
Integrity is often associated with File Integrity Monitoring (FIM), but the problem with this concept is that integrity does not occur simply by detecting change. The real question is about the (Read more...)