These three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA triad. Together, these three principles form the cornerstone of any organization’s security infrastructure; in fact, they (should) function as goals and objectives for every security program.
Confidentiality is concerned with preventing unauthorized access to sensitive information. The access could be intentional, such as an intruder breaking into the network and reading the information, or it could be unintentional, due to the carelessness or incompetence of individuals handling the information. The two main ways to ensure confidentiality are cryptography and access control.
Integrity has three goals that help to achieve data security:
- Preventing the modification of information by unauthorized users
- Preventing the unauthorized or unintentional modification of information by authorized users
- Preserving internal and external consistency
Various encryption methods can help achieve integrity by providing assurance that a message wasn’t modified during transmission. Modification could render a message unintelligible or, even worse, inaccurate. Imagine the serious consequences if alterations to medical records or drug prescriptions weren’t discovered. If a message is tampered with, the encryption system should have a mechanism to indicate that the message has been corrupted or altered.
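As an added illustration (not part of the original article), the sketch below shows one such mechanism: an HMAC-SHA256 tag sent with the message and checked on receipt. The function names, the shared key and the prescription record are constructed for this example, and HMAC is this example's choice of technique. It provides integrity only; the record itself stays readable.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


class TamperedMessage(Exception):
    """Raised when a message fails its integrity check."""


def seal(key: bytes, message: bytes) -> bytes:
    """Return tag || message, where tag = HMAC-SHA256(key, message)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return tag + message


def open_sealed(key: bytes, sealed: bytes) -> bytes:
    """Verify the tag and return the message, or raise TamperedMessage."""
    if len(sealed) < TAG_LEN:
        raise TamperedMessage("message shorter than the tag (truncated)")
    tag, message = sealed[:TAG_LEN], sealed[TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison, so timing does not reveal how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise TamperedMessage("tag mismatch: message altered or wrong key")
    return message


def is_intact(key: bytes, sealed: bytes) -> bool:
    """True if the sealed message verifies under key, False otherwise."""
    try:
        open_sealed(key, sealed)
        return True
    except TamperedMessage:
        return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)                     # shared secret (constructed)
    record = b"patient=1042;drug=warfarin;dose_mg=5"  # constructed sample record
    sealed = seal(key, record)
    altered = sealed[:-1] + b"9"                      # dose changed in transit
    print("original intact:", is_intact(key, sealed))
    print("altered intact: ", is_intact(key, altered))
```

The receiver rejects the altered record instead of acting on the wrong dose, and a truncated message or one tagged under a different key fails the same check.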
Availability means that the network should be readily available to its users. This applies to systems and to data. To ensure availability, the network administrator should maintain hardware, make regular upgrades, have a plan for fail-over, and prevent bottlenecks in the network. Attacks such as DoS or DDoS may render a network unavailable as the resources of the network get exhausted. The impact may be significant to the companies and users who rely on the network as a business tool. Thus, proper measures should be taken to prevent such attacks.
Why is the CIA Triad important?
The CIA triad is vital to information security since it enhances security posture, helps organizations stay compliant with complex regulations and ensures business continuity.