Confidentiality, Integrity, and Availability (CIA Triad)
The CIA triad (confidentiality, integrity and availability) is a framework that guides information security policies within organizations. This model is sometimes referred to as the AIC triad (availability, integrity and confidentiality) in order to avoid confusion. The triad is considered to be the three most important components of security.
In this context, confidentiality means a set of rules that restrict access, integrity is the assurance of the information's accuracy and trustworthiness, and availability is the guarantee that authorized individuals have reliable access.
Confidentiality
Confidentiality is roughly equivalent to privacy. To ensure confidentiality, measures are taken to make sure sensitive information does not reach the wrong people, while also making sure that authorized persons can still access the data. Data can be classified according to the potential damage it could cause if it fell into the wrong hands, and measures to safeguard confidentiality can then be more or less stringent according to that classification. Training is part of this: it would cover the security threats that could endanger the information, familiarize people with the risks and with how the information can be protected, and include information about social engineering techniques and strong passwords. This helps prevent authorized personnel from unintentionally breaking data handling rules.
Bank account and routing numbers are one familiar example of data whose confidentiality must be protected. Data encryption can be used to secure confidentiality. Standard procedures include user IDs and passwords, and two-factor authentication has become the norm. Biometric verification, security tokens and key fobs are other options. Users can also take steps to reduce the number of places in which their information appears and how often it is transmitted to complete transactions. Extra precautions may be taken where sensitive documents are concerned.
Integrity
Integrity is about maintaining data's consistency, accuracy and trustworthiness throughout its lifecycle. Data must not be altered in transit, and steps must be taken to ensure that unauthorized people cannot alter it (for instance, after breaching confidentiality). File permissions and user access control are two examples of such measures. To prevent accidental deletions or erroneous modifications by authorized users, version control may be used. It is also important to have a way to detect data changes caused by non-human events, such as an EMP or a server crash. Checksums and cryptographic checksums may be used to verify the integrity of data, and backups or redundant copies will be required to restore the data to its original state.
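As an added illustration, not part of the original article, the following Python compares a plain SHA-256 checksum, which detects accidental corruption such as a flipped bit, with a keyed HMAC, which also detects deliberate modification because a valid tag cannot be recomputed without the key. The record, the key and the bit-flip fault are constructed placeholders.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: catches accidental corruption (bit flips, truncation)."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: also catches deliberate edits, since a matching
    tag cannot be recomputed without the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac_tag(key, data), expected)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a non-human fault (disk or transit corruption) by flipping one bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed sample record and key: placeholders, not real values.
RECORD = b"account=00001234;routing=000000000;balance=1000.00"
KEY = b"constructed-demo-key-store-the-real-one-elsewhere"


def demo() -> dict:
    stored_sum = checksum(RECORD)        # recorded at write time
    stored_tag = mac_tag(KEY, RECORD)    # recorded at write time
    corrupted = flip_bit(RECORD, 5)                     # one-bit fault
    tampered = RECORD.replace(b"1000.00", b"9000.00")   # deliberate edit
    return {
        "intact_checksum_ok": verify_checksum(RECORD, stored_sum),
        "corrupted_checksum_ok": verify_checksum(corrupted, stored_sum),
        # A checksum stored beside the data can be recomputed by whoever
        # edited the data, so on its own it proves nothing about tampering:
        "tampered_recomputed_checksum_ok": verify_checksum(tampered, checksum(tampered)),
        # ...whereas the keyed tag on file no longer matches the edited record:
        "tampered_mac_ok": verify_mac(KEY, tampered, stored_tag),
        "intact_mac_ok": verify_mac(KEY, RECORD, stored_tag),
    }
```

Running `demo()` shows the plain checksum passing on the intact record, failing on the bit-flipped copy, and passing again once recomputed over the edited record, while only the HMAC check fails on the edit.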
Availability
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, and maintaining a correctly functioning operating system environment that is free of software conflicts. It is also important to keep up with system updates. Providing adequate communication bandwidth and avoiding bottlenecks matter just as much. When hardware problems do arise, redundancy, failover and RAID can all help to mitigate the consequences. A disaster recovery plan (DRP) is important because it can provide rapid and flexible recovery in the worst case. Unpredictable events such as fire and natural disasters must be considered when securing data against loss or interruption; to prevent data loss from such occurrences, a backup copy may be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. Firewalls and proxy servers, along with additional security software, can be used to guard against the downtime or unreachable data caused by malicious actions such as denial-of-service (DoS) attacks or network intrusions.
The CIA paradigm faces additional challenges with big data because of the sheer amount of information to be protected and the multitude of sources and formats in which it arrives. Duplicate data sets and disaster recovery plans add further cost. Oversight of the data is often poor because the primary concern in big data is collecting and interpreting all of it. Edward Snowden, the whistleblower and author, raised this issue when he revealed that the NSA had collected large amounts of personal information from American citizens.
Internet of Things privacy refers to the special considerations necessary for protecting individuals' information from exposure within the IoT ecosystem. Nearly any physical or logical entity or object can be assigned a unique identifier that gives it the ability to communicate via the Internet or similar networks. Although the data sent by a given endpoint may not cause privacy issues on its own, even fragmented information from many endpoints can be collected, combined and then analyzed.
Internet of Things security presents a unique challenge because IoT devices are not just computers but many other kinds of internet-enabled devices. These devices often go unpatched and often have weak passwords. If they are not adequately protected, IoT items can be used to attack separate targets or even as part of an attack vector. In a proof-of-concept exploit, researchers demonstrated that an IoT-enabled lightbulb could compromise a network, among other things. Proofpoint, an enterprise cybersecurity firm, discovered in December 2013 that hundreds of thousands of messages were being recorded through a security portal, and found that the botnet behind them was comprised of 100,000 hacked devices. It is important to consider security when developing products that can be connected.