An Idiot's Guide to Cybersecurity — The CIA Triad

As a student and consultant, there has always been a need for me to choose a niche. From the vast arrays of AI projects, blockchain projects, network and security projects, and so on. I stood lost and confused. During my little 3 month vacation before my job and after my studies, I had the grand idea of delving into the world of cybersecurity.

Given how everything nowadays is automated and digitized, the need for cybersecurity and robust security protocols is on the rise. And the fun fact is, this niche will never die. The threat actors will upgrade, the technology will evolve, and so will the type of security frameworks and controls. It is an ever-changing field, which will never run out of demand.

So let’s jump right in. When going through numerous Intro to Cybersecurity courses you will have inevitably seen the famous “CIA” triad. It seems and is extremely important to the world of cybersecurity. So let’s crack into it. This blog will detail and explain what the CIA triad is to an absolute beginner in the simplest form. No fancy jargon, no hard technical terms, just simple old layman language!

Note: skip to the very end for a quick recap and cheat sheet of the CIA Triad!

What is the CIA Triad?

Cybersecurity

Before we delve into what the CIA Triad is let’s quickly understand what cybersecurity is. Cybersecurity involves working to prevent bad actors from gaining access to data or systems that need to remain private. It is a set of processes, best practices, and technology solutions that help protect your critical systems and network from digital attacks.

So what’s the CIA Triad?

The CIA Triad is a model that highlights the three cornerstones of information security: Confidentiality, Integrity, and Access. The CIA triad provides a simple and complete checklist for evaluating an organization’s security.

The CIA triad provides a high-level framework for cybersecurity professionals to consider when auditing, implementing, and improving systems, tools, and programs for organizations. It is a powerful way to identify weak points and form solutions to strengthen policies and programs.

To make things easier let’s take an example. Imagine you have a safe with a number lock and you decided to put two gold necklaces in it and close it.

Confidentiality: Only you are authorized to open this safe, hence only you know the password to the safe, and no one else. At some point in time, you decide that you want your partner to also have access to this safe, you share the password with your partner and only your partner. So, in this case, confidentiality is maintained by ensuring only authorized personnel can access the safe or in the real-world- data and information

Integrity: You have left the two necklaces safely in the safe for two years untouched. One day you decide to come back and check or retrieve the two necklaces. Integrity means that the same two necklaces are in the same the exact way you left them two years ago. Nothing about it is altered- they remain in the same exact position and the necklaces are the same two necklaces you had left behind.

Availability: In the event you want to retrieve or take a look at the two necklaces in the safe you are able to do so using the set password. The necklaces are available and accessible to you as long as you know the correct password, and you haven’t made the administrative decision of removing the necklaces from the safe.

So, hopefully, by now you have a general idea of what the CIA Triad is. In the upcoming parts of this blog, we will delve deeper into each of the three cornerstones of cybersecurity and better understand their importance and roles in the real world.

Confidentiality

Confidentiality ensures that data is accessible only to authorized individuals or systems. In another sense, it means that we are protecting information from threat actors with malicious intent, as well as limiting access to only authorized personnel within an organization.

It is essentially maintaining the confidentiality of data as the name suggests. This is done by preventing unauthorized access, disclosure, or exposure of sensitive information.

What happens if confidentiality is not maintained?

Without confidentiality, sensitive data such as PII (Personally Identifiable Information), trade secrets, or financial data could be compromised, leading to serious consequences like identity theft, financial loss, or reputation damage among many others.

How to ensure confidentiality?

Confidentiality is enforced through measures like encryption and authentication. Following are a few ways we can ensure confidentiality:

1. Encryption: Encryption scrambles data into a format that can only be read by authorized parties who possess the decryption key. This means that even if unauthorized individuals or systems gain access to the encrypted data, they won’t be able to decipher its contents without the key.
2. Access Control: Access control mechanisms, such as passwords, biometrics, and access permissions, are used to restrict access to sensitive information to only authorized users or systems.
3. Data Classification: Data classification involves categorizing data based on its sensitivity or importance. By classifying data, organizations can apply appropriate security controls and restrictions to ensure that highly confidential information receives the highest level of protection.
4. Data Loss Prevention (DLP): DLP solutions are designed to prevent unauthorized data disclosure by monitoring and controlling the movement of sensitive information within an organization’s network. DLP tools can detect and block attempts to transfer confidential data outside of authorized channels or to unauthorized recipients.
5. Physical Security: Physical security measures, such as locks, access cards, and surveillance cameras, help protect physical assets that contain confidential information, such as servers, data centers, and storage devices. By securing physical access to these assets, organizations can prevent unauthorized individuals from physically accessing confidential data.
6. Employee Training and Awareness: Employees play a crucial role in maintaining confidentiality. Training programs and awareness initiatives can educate employees about the importance of confidentiality, how to handle sensitive information securely, and how to recognize and respond to security threats and breaches.

Integrity

Integrity means to protect the accuracy of information. It is important to make sure that professionals and intended users are accessing accurate information.

Similarly, data available to the public must also maintain integrity so that customers and clients can trust the organization. After all, it is not worth having a doubtful clientele, you might just end up having any clientele at all!

A system with integrity keeps data safe from unnecessary changes, be it by accident or with malicious intent.

To ensure integrity professionals might implement access levels, which allow them to track changes, and protect data when transferring or storing it.

An example to easily understand the importance of integrity would be altering university grades, or intercepting money transfers and changing the dollar amount in seemingly insignificant ways, so the excess can be sent elsewhere.

What happens if integrity is not maintained?

Maintaining data integrity is critical for ensuring the reliability of information and the trustworthiness of systems. Without integrity, data could be tampered with, leading to misinformation, operational errors, or security breaches.

How to ensure integrity?

Integrity is achieved most commonly using secure hashing algorithms when transferring data. Some other ways of ensuring integrity are as follows:

1. Data Validation: Implement validation checks to ensure that incoming data is accurate, complete, and consistent with predefined rules and standards. This can involve techniques such as data validation rules, checksums, and hash functions to verify the integrity of data at various stages, such as input, processing, and output.
2. Access Control: By implementing strong access control policies we can ensure that data can only be manipulated or altered by authorized personnel, making sure that no threat actors and unauthorized personnel do not have access to the sensitive data.
3. Change Management: Implement change management processes to control and track changes made to data, systems, or configurations. This includes documenting and reviewing changes, obtaining approvals from authorized personnel, and maintaining audit trails to track who made changes and when.
4. Encryption: Use encryption to protect data both at rest and in transit. Encryption not only helps maintain confidentiality but also ensures data integrity by preventing unauthorized modifications to encrypted data. This ensures that even if attackers gain access to encrypted data, they cannot alter its contents without the decryption key.
5. Digital Signatures: Use digital signatures to verify the authenticity and integrity of electronic documents or communications. Digital signatures use cryptographic techniques to ensure that a document has not been altered since it was signed by its sender, providing assurance of its integrity.
6. Backup and Recovery: Regularly back up data and implement robust backup and recovery procedures. In the event of data corruption or loss, backups can be used to restore data to its original state, helping to maintain data integrity and minimize the impact of incidents.
7. Data Integrity Controls: Implement data integrity controls within systems and databases to detect and prevent unauthorized modifications or corruption of data. This can include features such as write-once-read-many (WORM) storage, versioning, and integrity-checking mechanisms.

Availability

Availability means that data and information are accessible, viewable, and editable by authorized personnel at any time. Availability concerns arise when operating systems, equipment, and data are not functioning correctly.

Availability ensures that data and services are accessible and usable when needed by authorized users. This includes preventing disruptions, downtime, or denial of service attacks that could impact the availability of systems or data.

What happens if availability is not maintained?

Maintaining availability is essential for ensuring continuous operations, productivity, and user satisfaction. Without availability, users may experience service outages, which can result in financial losses or damage to reputation.

How to ensure availability?

Availability is ensured usually by creating a recovery plan or by conducting regular backups. Other ways of ensuring availability are:

1. Redundancy and Failover: Implement redundancy and failover mechanisms to minimize single points of failure and ensure continuous availability of critical systems and services. This can involve deploying redundant hardware, network links, and data centers to provide backup resources that can take over in case of failures.
2. Load Balancing: Use load balancing techniques to distribute incoming traffic across multiple servers or resources. Load balancers help optimize resource utilization and prevent overloading of individual systems, ensuring that services remain available even during periods of high demand or traffic spikes.
3. Scalability: Design systems and architectures to be scalable, allowing them to dynamically adapt to changing workloads and resource requirements. Scalable systems can automatically allocate additional resources as needed to accommodate increased demand, ensuring that services remain available and responsive.
4. Monitoring and Alerting: Implement monitoring tools and systems to continuously monitor the health and performance of IT infrastructure and services. Proactive monitoring helps identify potential issues or performance degradation early, allowing organizations to take corrective actions and prevent disruptions to availability.
5. Incident Response and Disaster Recovery: Develop and implement incident response and disaster recovery plans to effectively respond to and recover from disruptions or outages. This involves defining procedures, roles, and responsibilities for responding to incidents and restoring services in a timely manner to minimize downtime and impact on availability.
6. Distributed Denial of Service (DDoS) Protection: Deploy DDoS protection solutions to mitigate the risk of DDoS attacks, which can overwhelm and disrupt services by flooding them with malicious traffic. DDoS protection mechanisms can help detect and mitigate DDoS attacks in real-time, ensuring that services remain available to legitimate users.
7. Service Level Agreements (SLAs): Establish SLAs with service providers or vendors to define agreed-upon levels of availability and performance. SLAs typically include uptime guarantees and response times for resolving issues, providing organizations with assurances of service availability and reliability.

Why is the CIA Triad so vital to the industry?

1. Comprehensive Framework: It provides a comprehensive framework for understanding and addressing the core objectives of information security. By focusing on these three principles, organizations can develop holistic security strategies that cover a wide range of potential risks and threats.
2. Risk Management: The CIA triad helps organizations identify and prioritize security risks. By assessing the potential impact of threats on confidentiality, integrity, and availability, organizations can allocate resources more effectively and implement targeted security measures to mitigate risks.
3. Regulatory Compliance: Many regulatory frameworks and industry standards, such as GDPR, HIPAA, and PCI DSS, require organizations to protect the confidentiality, integrity, and availability of sensitive information. Adhering to the principles of the CIA triad is essential for achieving compliance with these regulations and avoiding legal and financial consequences.
4. Trust and Reputation: Upholding the principles of the CIA triad helps build trust with customers, partners, and stakeholders. By ensuring the confidentiality, integrity, and availability of data and services, organizations demonstrate their commitment to security and reliability, enhancing their reputation and credibility in the eyes of others.
5. Resilience and Continuity: By focusing on availability alongside confidentiality and integrity, organizations can enhance their resilience and continuity in the face of disruptions and disasters. Implementing measures to ensure the availability of critical systems and data helps minimize downtime and maintain business operations even in challenging circumstances.

Examples and Explanations of the CIA Triad in Action.

Some use cases for the CIA triad:

1. Data Encryption: Encryption techniques are used to ensure confidentiality by converting sensitive data into a form that can only be deciphered with the appropriate decryption key. This prevents unauthorized access to the data even if it’s intercepted during transmission or stored on a compromised system.
2. Access Control: Access control mechanisms, such as user authentication and authorization, help enforce confidentiality and integrity by ensuring that only authorized users have access to specific data or resources. This prevents unauthorized individuals from viewing or modifying sensitive information.
3. Data Backups: Regular data backups are essential for maintaining data availability. In the event of data loss or corruption, backups can be used to restore the data and minimize downtime, ensuring that critical services remain available to users.
4. Intrusion Detection Systems (IDS): IDS solutions monitor network traffic and systems for suspicious activities or potential security breaches. By detecting and alerting on unauthorized access attempts or malicious behavior, IDS helps protect the confidentiality, integrity, and availability of systems and data.
5. Data Validation and Error Checking: Implementing data validation and error-checking mechanisms helps ensure data integrity by detecting and preventing errors, inconsistencies, or unauthorized modifications to data. This helps maintain the accuracy and reliability of information stored within systems.

Summary

Further Readings and Materials.

1. 1-week course on edX, a brief and concise introduction to cybersecurity, best for someone who is just starting out and would love some easy-to-understand definitions: edX: Try It: Cybersecurity Basics
2. If you do not want to sit through a 1-week course, this article is perfect for you it covers pretty much everything in the previously listed course: What is cybersecurity?
3. This is a 6-month course for anyone who wants to get certified and accelerate their education or job or update their resume: Google Cybersecurity Professional Certificate