CIA Triad | Confidentiality, Integrity & Availability
When we go for basic level certification such as CEH or advanced level certification such as CISSP i.e. (Certified Information Systems Security Professional), CIA is the common topic we study. CIA triad is the first step, if you want to setup cyber security checks and policies irrespective of the organization size.
To understand Security and Risk Management from professionals’ point of view, we need to understand and implement the concepts of Confidentiality, Integrity, and Availability. This CIA TRIAD is one of the cyber security essentials because it defines primary goals and objectives of a security infrastructure or secure IT environment.
The first principle of the CIA Triad is confidentiality.
The goal of confidentiality is to prevent or minimize unauthorized access to data. Confidentiality focuses on ensuring that no one other than the intended recipient of a message receives the information or is able to access it. It prevents unauthorized users from accessing the information.
Having confidentiality means, your secure environment offers a high level of assurance that- data, devices and resources are restricted for unauthorized access. Having confidentiality does not mean that your environment will not face cyber-attacks. There are numerous attacks that focus on the violation of confidentiality. These attacks may be social engineering attacks, port scanning, capturing network traffic and stealing password files, sniffing, escalation of privileges, etc. Violations of confidentiality are not limited to these attacks, there are many instances of unauthorized information disclosure of sensitive or confidential information because of human error, it may be oversight or ineptitude of the cyber security team.
Security controls that can be implemented to ensure confidentiality are encryption, access controls, and steganography etc.
Integrity is the second principle of the CIA Triad. Integrity protection means there is no unauthorized modification of data or information. Whether it is operating system or other software that are associated with the device or data are not compromised. Protection from unauthorized modifications means protection against malicious unauthorized activities by viruses, intrusions and of course human error. At times unintentional alterations have been found when administrator was transferring data from one device to another device. Alterations should not happen during transit, or while processing some information or even when it is being backed up for storage purpose. Even if there has been a minute modification in some file or any associated file has been deleted , it is considered as Integrity breach. Integrity breach may happen because of a misconfigured security control also.
Therefore, activity logging should be implemented to ensure that only authorized users are able to access their respective resources.
The third principle of the CIA Triad is availability. Availability ensures that supporting infrastructure such as network services, access control mechanisms etc are fully functional and only authorized users can access the resources. Threats to availability may occur due to device failure, software errors, and environmental issues such as (heat, power loss, flooding and so on). There are some cyber-attacks that focus on the violation of availability, it may be Denial of Service (DoS) attacks, device destruction, and communication interruptions.
Availability breaches may occur, if accidentally some files are deleted, or by overutilizing a hardware or software or by under-allocating resources, or even by mislabelling or incorrectly classifying the devices.
Availability depends on both integrity and confidentiality. Without integrity and confidentiality, availability cannot be maintained.
Hope you understood CIA triad, attacks which may lead to breaches and the step we can take to ensure CIA. In case of any question do write in the comment box. Hit “like” button, subscribe and share the channel cyberpathshalaindia with others as well so that information can reach up to more and more people.
Subscribe YouTube channel for future updates https://www.youtube.com/cyberpathshalaIndia