C.I.A. Triad

Written by

Carissa O'Connell

April 05, 2023; Updated: Jan 2024

C.I.A. Triad

The C.I.A. triad is a model used to help find vulnerabilities in a program and to find ways to create solutions. C.I.A. stands for confidentiality, integrity, and availability of the information essential to the operation of the business. This model is used as a guide for the security team to identify how concerns should be addressed.

Confidentiality is focused on “preventing unauthorized access to sensitive information” (Brooks, 2023). This principle aims to ensure that those who are not authorized to access the data cannot access it, while those who are authorized can. The two main ways used to “ensure confidentiality are cryptography and access control” (Brooks, 2023). Confidentiality can be compromised either intentionally, where an attacker breaks into the network and reads the information, or unintentionally, such as through the carelessness of an individual who mishandles information by sharing their credentials with someone else or allowing them to see their login.

If a breach in confidentiality were to occur, there could be a lawsuit in which the employer could be awarded monetary damages if they could be calculated; the person responsible could be blacklisted or gain a bad reputation that prevents them from working in the field, or be seen as a liability if they are hired. The best practice for protecting confidential data is to encrypt it so that reading it requires a decryption key. A second method of ensuring only authorized individuals can access the data is to implement access control such as MAC (mandatory access control), DAC (discretionary access control), or RBAC (role-based access control or rule-based access control) (Brooks, 2023).
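The access-control side of confidentiality, as an added example that is not part of the original post or its sources: one check for each model named above (MAC label comparison, DAC owner-granted ACL, RBAC role permissions), combined into a single deny-by-default decision that records the reason for every denial. All names, labels, roles and documents are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

# Constructed example (not from the post or its sources): three access-control
# checks, one per model the post names, combined into a single decision.


class Level(IntEnum):
    """Sensitivity labels used by the mandatory access control (MAC) check."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


@dataclass
class Subject:
    name: str
    clearance: Level
    roles: set = field(default_factory=set)


@dataclass
class Document:
    title: str
    classification: Level
    owner: str
    # DAC: the owner grants permissions to individual users at their discretion.
    acl: dict = field(default_factory=dict)


# RBAC: permissions attach to roles; users inherit them through role membership.
ROLE_PERMISSIONS = {
    "analyst": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


def mac_allows(subject: Subject, doc: Document) -> bool:
    """MAC: the system, not the owner, enforces the label comparison (no read-up)."""
    return subject.clearance >= doc.classification


def dac_allows(subject: Subject, doc: Document, action: str) -> bool:
    """DAC: the owner always has access; everyone else needs an explicit ACL grant."""
    if subject.name == doc.owner:
        return True
    return action in doc.acl.get(subject.name, set())


def rbac_allows(subject: Subject, action: str) -> bool:
    """RBAC: the action must be permitted by at least one of the subject's roles."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)


def authorize(subject: Subject, doc: Document, action: str) -> tuple:
    """Deny by default: every model must agree, and each denial is recorded for auditing."""
    reasons = []
    if not mac_allows(subject, doc):
        reasons.append(f"MAC: clearance {subject.clearance.name} below {doc.classification.name}")
    if not dac_allows(subject, doc, action):
        reasons.append(f"DAC: no '{action}' grant from owner {doc.owner}")
    if not rbac_allows(subject, action):
        reasons.append(f"RBAC: roles {sorted(subject.roles)} do not permit '{action}'")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample data.
    payroll = Document("Q1 payroll", Level.CONFIDENTIAL, owner="dana", acl={"eve": {"read"}})
    dana = Subject("dana", Level.SECRET, {"editor"})
    eve = Subject("eve", Level.INTERNAL, {"analyst"})
    for who, action in [(dana, "write"), (eve, "read"), (eve, "write")]:
        ok, why = authorize(who, payroll, action)
        print(who.name, action, "ALLOW" if ok else "DENY", why)
```

Note that eve holds a DAC grant and an RBAC role that both permit reading, yet the request is still denied because her clearance is below the document's classification: under MAC the owner's discretion cannot override the system's label policy, which is the point of layering the models.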

Integrity is focused on ensuring the data is trustworthy and free from tampering. It ensures the integrity of the data by “preventing the modification of information by unauthorized users, preventing the unauthorized or unintentional modification of information by authorized users, and preserving internal and external consistency” (Brooks, 2023).

The integrity of code or data is usually compromised intentionally, but it could also happen accidentally if the business's security policies are inadequate. If the data were compromised, the attacker could gain access to it and misuse it to cause harm to others, or alter it so that the system reflects inaccurate information and malfunctions. To protect the integrity of the data, one could use “hashing, encryption, digital certificates, or digital signatures” (Fortinet.com).
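Hashing as an integrity control, as an added example that is not part of the original post or its sources: it walks through both failure modes described above. An unkeyed SHA-256 hash catches accidental corruption, but an attacker who can rewrite the record can also recompute the public hash; a keyed HMAC (a stand-in here for the signatures and certificates the post lists, using only the standard library) cannot be recomputed without the key, so deliberate tampering is caught. The record and key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed example (not from the post or its sources): a plain hash catches
# accidental corruption, while a keyed HMAC also catches deliberate tampering
# by someone who can rewrite both the data and its checksum.


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_verifies(data: bytes, expected_hex: str) -> bool:
    """Unkeyed integrity check: detects bit flips, truncation, corrupt downloads."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity check: only holders of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_verifies(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel on the tag.
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def tamper_scenarios(key: bytes) -> dict:
    """Replay the accidental and intentional cases and report which check catches each."""
    original = b"transfer 100.00 to account 4471"  # constructed record
    stored_hash = sha256_hex(original)
    stored_tag = hmac_tag(key, original)

    # 1. Accidental corruption: one byte changes, nobody updates the hash.
    corrupted = b"transfer 100.00 to account 4472"

    # 2. Deliberate tampering: the attacker changes the record and recomputes the
    #    public hash, so the unkeyed check still passes.
    tampered = b"transfer 900.00 to account 4471"
    forged_hash = sha256_hex(tampered)

    return {
        "intact_hash_ok": hash_verifies(original, stored_hash),
        "intact_hmac_ok": hmac_verifies(key, original, stored_tag),
        "corruption_caught_by_hash": not hash_verifies(corrupted, stored_hash),
        "tamper_hidden_from_hash": hash_verifies(tampered, forged_hash),
        "tamper_caught_by_hmac": not hmac_verifies(key, tampered, stored_tag),
    }


if __name__ == "__main__":
    # Constructed key; in practice it comes from a secrets manager, never from source code.
    for name, result in tamper_scenarios(b"example-integrity-key").items():
        print(f"{name}: {result}")
```

The design point is where the verification secret lives: a hash published next to the data protects only against accidents, while a keyed tag or a digital signature ties the integrity check to something the attacker does not hold.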

Availability is focused on “ensuring that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network” (Brooks, 2023). Some of the ways a system's availability can be compromised are cyberattacks, power outages, hardware failures, unplanned software downtime, and infrastructure overload. To ensure data is available, one could use “hardware redundancy, failover, clustering and routine backups stored in a geographically separate location” (Brooks, 2023).
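Redundancy, failover and backup restore as they appear to a reader of the data, as an added example that is not part of the original post or its sources: reads are routed to the first healthy replica, an outage of one replica is absorbed without the caller noticing, and when every replica is down a fresh instance is rebuilt from the off-site backup copy. The cluster, replica names and records are constructed for illustration.

```python
import copy

# Constructed example (not from the post or its sources): reads fail over across
# redundant replicas, and a backup restores service when every replica is down.


class ReplicaDown(Exception):
    pass


class Replica:
    """A hypothetical data store instance; `alive` models a power, hardware or software outage."""

    def __init__(self, name: str, data: dict, alive: bool = True):
        self.name = name
        self.data = data
        self.alive = alive

    def fetch(self, key: str):
        if not self.alive:
            raise ReplicaDown(self.name)
        return self.data[key]


class Cluster:
    def __init__(self, replicas, backup_snapshot: dict):
        self.replicas = list(replicas)
        # The routine backup is a separate copy (think: another region), not a reference
        # to live data, so a failure that corrupts the replicas cannot reach it.
        self.backup = copy.deepcopy(backup_snapshot)
        self.log = []

    def read(self, key: str):
        """Failover: try each replica in order; a single outage is invisible to the caller."""
        for replica in self.replicas:
            try:
                value = replica.fetch(key)
                self.log.append(f"served {key!r} from {replica.name}")
                return value
            except ReplicaDown:
                self.log.append(f"{replica.name} down, failing over")
        raise ReplicaDown("all replicas unavailable")

    def restore_from_backup(self) -> Replica:
        """Disaster recovery: build a new replica from the backup and promote it to primary."""
        restored = Replica("restored-from-backup", copy.deepcopy(self.backup))
        self.replicas.insert(0, restored)
        self.log.append("restored service from backup")
        return restored

    def read_or_restore(self, key: str):
        """What the application sees: the read succeeds, by failover or by restore."""
        try:
            return self.read(key)
        except ReplicaDown:
            self.restore_from_backup()
            return self.read(key)


def build_demo_cluster() -> Cluster:
    # Constructed sample: two replicas of the same record plus an off-site backup.
    record = {"orders_today": 42}
    return Cluster(
        [Replica("primary", dict(record)), Replica("secondary", dict(record))],
        backup_snapshot=record,
    )


if __name__ == "__main__":
    cluster = build_demo_cluster()
    print(cluster.read("orders_today"))          # served from primary
    cluster.replicas[0].alive = False             # simulate a hardware failure
    print(cluster.read("orders_today"))          # failover to secondary
    cluster.replicas[1].alive = False             # simulate a site-wide outage
    print(cluster.read_or_restore("orders_today"))  # restored from backup
    print("\n".join(cluster.log))
```

The log is the part a practitioner wants to keep: each failover and restore event is an availability incident worth alerting on, even though the application never saw an error.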

References

Brooks, R. (2023, March 17). The CIA triangle and its real-world application. The CIA Triad and Real-World Examples. Retrieved April 5, 2023, from https://blog.netwrix.com/2019/03/26/the-cia-triad-and-its-real-world-application/

What is the CIA triad and why is it important? Fortinet. (n.d.). Retrieved April 5, 2023, from https://www.fortinet.com/resources/cyberglossary/cia-triad

Carissa O'Connell

Aloha! I am a passionate software developer looking to help people create programs that help improve business efficiency, connect with nature, and play with logic.