Information Security: The CIA Triad

Information Security is an immensely broad field. It involves designing and testing protections for data, which may be personal, internal or confidential and which is communicated via networks and the internet, so that it is secured and protected.

In this post, the main objective is to describe one of the fundamental concepts of security that should be familiar to most security professionals: the CIA (Confidentiality, Integrity, and Availability) triad.

The CIA triad is a simple but widely accepted security model. It stands for Confidentiality, Integrity and Availability, three key principles which can be implemented in any kind of organization. The model is applicable across the whole subject of Security Analysis, from access to a user's internet history to the security of encrypted data across the internet. If any one of the three is not upheld, the consequences may be serious.

Let’s understand the importance of these three components (CIA).

What is CIA all about?

Confidentiality: Confidentiality is the ability to hide information from people not authorized to view it.

Information has a lot of value in today’s world: bank statements, personal information, credit card numbers, trade secrets, government documents. Everyone has some information they wish to keep secret. Protecting such information is a major part of information security.

Integrity: Integrity is the ability to ensure the trustworthiness of information resources. Data must not be changed in transit, and steps must be taken to ensure that it cannot be altered by unauthorized people and that it remains consistent and accurate.

Availability: Availability implies an obligation to provide correct information. It is important to ensure that the information concerned is readily accessible.

People are the weakest link. You can have the best technology: firewalls, intrusion-detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.

                         — Kevin Mitnick (Famous American computer security consultant)

The above quote, when elaborated, hints at the 3 keys of IT system success (People, Process and Technology) and the importance of merging them with CIA to make the overall organization highly secure.

To conclude, it is always wise to take the people, process, technology approach to maximize your organization's chances of achieving both a successful implementation and the business benefits, and to amalgamate it with the CIA security model to get a more secure and robust implementation.

Authored By Satyajit Behera
