CIA Triad

swarnakarthikhars
Reflect Security Solutions

--

What is CIA?

CIA stands for Confidentiality, Integrity, and Availability.

CIA is the basic three-pillar model that any organization follows in cyber security to keep its assets, i.e. its people, processes and technology, safe and secure.

Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the confidentiality, integrity, and availability of an organization's assets, namely its data, applications, and critical systems. Based on that evaluation, the security team implements a set of security controls to reduce risk within its environment.

Confidentiality: Keeping the data secure

Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be controlled to prevent the unauthorized sharing of data — whether intentional or accidental. A key component of maintaining confidentiality is making sure that people without proper authorization are prevented from accessing assets important to the business.

For example, those who work with an organization’s finances should be able to access spreadsheets, bank accounts, and other information related to the flow of money. However, the vast majority of other employees — and perhaps even certain executives — may not be granted access. To ensure these policies are followed, stringent restrictions have to be in place to limit who can see what.

Some controls that help keep assets confidential:

  1. Encryption
  2. Passwords
  3. Access control
  4. Biometric verification

Integrity: Keeping the data clean

In the world of information security, integrity refers to the accuracy and completeness of data. Security controls focused on integrity are designed to prevent data from being modified or misused by an unauthorized party. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and precautionary steps must be taken to ensure that data cannot be altered by unauthorized people.

For example, in a breach that compromises integrity, an attacker may intercept data and modify it before it reaches the intended recipients.

Some security controls designed to maintain integrity include:

  1. Encryption
  2. Access controls
  3. Version control
  4. Backup and recovery procedures
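As an added example (not part of the original post), the following Python shows the in-transit modification described above and how a keyed integrity check catches it. It contrasts a plain SHA-256 checksum, which only detects accidental corruption because anyone who changes the record can recompute it, with an HMAC tag that cannot be re-sealed without the secret key. The record, the tamper function and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a transfer record a finance user sends over the network.
RECORD = b"payee=ACME Supplies;amount=1500.00;currency=USD"


def checksum_seal(record: bytes) -> bytes:
    """Plain SHA-256 digest: detects accidental corruption only.
    Anyone who can modify the record can recompute this digest."""
    return hashlib.sha256(record).digest()


def checksum_verify(record: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(checksum_seal(record), digest)


def mac_seal(key: bytes, record: bytes) -> bytes:
    """HMAC-SHA256 tag: only holders of the secret key can produce a valid tag,
    so an unauthorized party cannot modify the record and re-seal it."""
    return hmac.new(key, record, hashlib.sha256).digest()


def mac_verify(key: bytes, record: bytes, tag: bytes) -> bool:
    # compare_digest performs a constant-time comparison of the two tags.
    return hmac.compare_digest(mac_seal(key, record), tag)


def demo(key: bytes) -> dict:
    """Returns which seal detects (a) a single corrupted bit in transit and
    (b) a deliberate modification where the tamperer re-seals the record
    as best they can without the key (constructed scenario)."""
    digest, tag = checksum_seal(RECORD), mac_seal(key, RECORD)
    corrupted = bytearray(RECORD)
    corrupted[0] ^= 0x01                      # (a) accidental bit flip
    corrupted = bytes(corrupted)
    modified = RECORD.replace(b"amount=1500.00", b"amount=9500.00")  # (b)
    forged_digest = checksum_seal(modified)   # possible without any secret
    forged_tag = mac_seal(b"wrong-key", modified)  # tamperer lacks the real key
    return {
        "checksum_catches_corruption": not checksum_verify(corrupted, digest),
        "mac_catches_corruption": not mac_verify(key, corrupted, tag),
        "checksum_catches_reseal": not checksum_verify(modified, forged_digest),
        "mac_catches_reseal": not mac_verify(key, modified, forged_tag),
    }


if __name__ == "__main__":
    print(demo(secrets.token_bytes(32)))
```

Only the HMAC line reports True for the re-seal case, which is why integrity controls against a deliberate adversary need a secret the adversary does not hold.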

Availability: Keeping the data accessible

Confidentiality matters, but information must also remain available to the right authorized personnel. Availability is typically associated with reliability and system uptime, which can be impacted by non-malicious issues like hardware failures, unscheduled software downtime and human error, or by malicious issues like cyberattacks and insider threats. If the network goes down unexpectedly, users will not be able to access essential data and applications.

Some of the security measures for mitigating threats to availability include:

  1. Off-site backups
  2. Disaster recovery
  3. Redundancy
  4. Failover
  5. Virtualization
  6. Server clustering
  7. Continuity of operations planning

How can we help?

Each organization requires a different level of protection for each of confidentiality, integrity and availability. Finding the right combination of controls, so that the organization is neither overspending nor under-protecting, is critical. Organizations need the right security governance and oversight to ensure adequate protection. Reflect Security helps implement and maintain better security governance through our Virtual CISO (vCISO) service.

To learn more about our services, please visit www.reflectsecurity.com or contact info@reflectsecurity.com. Also, subscribe to our newsletter to learn more about cyber security and the latest trends.
