The CIA Triad

Introduction

The CIA triad is a model found in cyber security that guides an organization in protecting their data and systems. CIA is an acronym that stands for confidentiality, integrity, and availability. Sometimes this model is referred to as the AIC triad to avoid confusion with the government agency, the Central Intelligence Agency.

We will break down each component of the CIA Triad, as each one serves as core principals of cyber security.

Importance of the CIA Triad in Cyber Security

A thorough strategy for protecting assets considers the CIA Triad as a whole. Confidentiality, integrity, and availability all must be considered when determining the needs and use cases for new technologies, products, and services provided by an organization.

Confidentiality

Definition and Importance

The Merriam-Webster definition of confidential is:

Confidential:

Intended for or restricted to the use of a particular person, group, or class.

Containing information whose unauthorized disclosure could be prejudicial to the national interest.

Marked by intimacy or willingness to confide.

Entrusted with confidences.

Confidentiality is all about protecting and preventing unauthorized access to sensitive information. This means that only authorized users can access and or modify data. This can be implemented through access controls, data masking, and encryption.

Personal data such as PII(Personally Identifiable Information), health information, financial information, log in credentials, etc, are all types if information that should be protected from unauthorized access.

Integrity

Definition and Importance

Merriam-Webster defines integrity as:

Integrity:

Firm adherence to a code of especially moral or artistic values, incorruptibility.

An unimpaired condition.

The quality or state of being complete or undivided.

Integrity refers to ensuring that data is trustworthy and is kept in an unchanged state, complete, and unmodified or altered.

Measures taken to ensure data integrity include access controls, file permissions, version control, and back ups. The risk of data being compromised comes from malicious actors, user accidents, or unintentionally from system malfunctions.

Availability

Definition and Importance

According to Merriam-Webster, availability is:

Availability:

The quality or state of being available.

An available person or thing.

Availability is concerned with ensuring systems and services are accessible and operational, and that authorized users have access to the data they need when they need it. This entails hardware maintenance and repairs, software conflicts mitigated, and having a properly functioning environment in which data is stored in. The elimination of bottlenecks and appropriate amounts of bandwidth, disaster recovery plans and other safeguards all help to prevent unreachable data.

There are numerous other measures, but we wont get into the weeds of all that for now. Some of the threats to availability include DOD attacks, ransomware/malware attacks, power loss, natural disasters, and many many others.

Conclusion

The CIA Triad’s three principals serve as a comprehensive checklist from a high level to evaluate security tools and procedures. It is valuable in efforts to maintain the security posture of organizations and enabling every day tasks to be performed by staff. Confidentiality, integrity and availability are interconnected and understanding the relationship between them helps to prioritize the implementation of security policies.

I hope this information brings value, and be on the lookout for more coming soon!