The CIA triad in cybersecurity
What is CIA Triad (Definition), Why is it Important?
The CIA triad reminds users of 3 important principles in cybersecurity, which are Confidentiality, Integrity, and Availability of information and related resources. This triad forms a unity representing all pertinent security aspects which inform an organization’s IT department security guidelines.It is important to observe safe usage of the internet and technology resources and guard ourselves against activities that can compromise the CIA.
Confidentiality, Integrity and Availability in CIA Triad
Confidentiality: is the security aspect that ensures that only authorized persons have access to information. Information should be accessible to the designated people and its confidentiality needs to be maintained. Confidentiality can be ensured by taking measures such as multi-factor authentication where a user provides several authentication features to gain access to information.
Integrity: seeks to ensure the trustworthiness of information, in that it ensures that information has not been altered both in transit and at rest. Hashing can be used to ensure the integrity of information by comparing hash values of information stored or being transported.
Availability: refers to information being accessible to users when they need it and at their convenience. Availability is maintained through backups and mirroring of systems to ensure access of systems in the event of an attack such as Denial of service attack.
Related: ZERO-DAY ATTACKS
Examples of CIA Triad
ATMs at the bank are a good example of how CIA Triad works. ATMs were designed with the principles of CIA triad in mind.
- Confidentiality is ensured by two-factor authentication where one has to provide the debit card and PIN code before accessing a specific account.
- Integrity is taken care of by maintaining a log of a activities of a particular account including bank transfers, withdrawals and deposits.
- Availability is ensured as ATMs are accessible to the public at all times.
Ronalds LLP is partnering with organizations to ensure no compromise ( Ransomware, Spyware and Viruses, Social engineering, etc )