In information security, the term CIA Triad refers to the confidentiality, integrity, and availability of applications, data, installed systems, and subsystems.
These three principles are central to protecting an organization's critical data, and they are the core goals of any security program.
The security expert assesses or measures threats based on their impact on these three principles: the confidentiality, integrity, and availability of the company’s assets.
By evaluating the impact of threats on these three principles, the security team can design effective security policies.
Let’s discuss the three principles of the CIA triad in detail:
Confidentiality helps to keep the company’s data secret. It plays a key role in securing the crucial data or information related to any organization.
It refers to securing data against any unauthorized access. In this principle, we ensure that the specific data is accessible to only authorized persons.
Unauthorized persons cannot access the data. For instance, only authorized employees of a company can access its payroll management system.
Direct attacks can breach confidentiality, resulting in unauthorized access to systems, databases, and high-value applications.
Some examples of these violations include:
Confidentiality can also be breached through human error or carelessness, such as weak passwords or authentication systems, failure to encrypt data, and so on.
Confidentiality can be achieved through:
Integrity, the second principle, protects data against unauthorized alteration. It keeps the data authentic and reliable.
For example, when a customer buys something from an online store, the details they enter in the order form should not be altered.
Data security depends on maintaining integrity. Integrity can be harmed by attacks such as tampering with an intrusion detection system or modifying configuration files.
Human error can also compromise integrity, for example through careless coding or inadequate security policies.
Data can be secured through:
Integrity also includes the concept of non-repudiation: a party cannot later deny having performed an action.
For example, a sender cannot deny having sent an email, and the receiver cannot claim that the message differs from the one that was actually sent.
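The email scenario above rests on digital signatures. The following Go program is an added illustration, not code from the original article; it uses the standard library's Ed25519 implementation, and "Alice" and the invoice text are constructed sample values. A signature that only the sender's private key can produce keeps the sender from denying the message, and any change to the body makes the signature fail, so the receiver cannot substitute a different message either.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage bundles an email body with the sender's signature over it.
type SignedMessage struct {
	Body      []byte
	Signature []byte
}

// NewKeyPair generates a fresh Ed25519 key pair. The private key stays with
// its owner; the public key is what recipients use to check signatures.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system RNG is not recoverable here
	}
	return pub, priv
}

// Sign produces a signature over the body with the sender's private key.
// Only the holder of that key can produce a valid signature, so the sender
// cannot later claim "I never sent this".
func Sign(priv ed25519.PrivateKey, body []byte) SignedMessage {
	return SignedMessage{Body: body, Signature: ed25519.Sign(priv, body)}
}

// Verify checks the message against the claimed sender's public key.
// It returns false if the body was altered after signing (integrity) or if
// the signature was not made with the matching private key.
func Verify(pub ed25519.PublicKey, msg SignedMessage) bool {
	if len(msg.Signature) != ed25519.SignatureSize {
		return false // malformed signature: reject rather than trust
	}
	return ed25519.Verify(pub, msg.Body, msg.Signature)
}

func main() {
	// Constructed sample: "Alice" signs an email; keys are generated on the fly.
	alicePub, alicePriv := NewKeyPair()
	msg := Sign(alicePriv, []byte("Please pay invoice #42 by Friday."))
	fmt.Println("genuine message verifies:", Verify(alicePub, msg))
	// An altered body with the original signature fails verification.
	altered := SignedMessage{Body: []byte("Please pay invoice #42 by Monday."), Signature: msg.Signature}
	fmt.Println("altered message verifies:", Verify(alicePub, altered))
}
```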
Availability, the third principle, ensures that systems and data are accessible in a timely manner, so that authorized users can reach them whenever they need to.
Potential threats to availability include:
A denial-of-service attack (DoS, or DDoS when launched from many distributed sources) is one of the most common attacks that threaten availability.
In this attack, the attacker deliberately disrupts the operation of a system, website, or web application.
The result can be a system that is unreachable to its legitimate users. The measures that can be taken to maintain availability include: