You may have wondered: what are confidentiality, integrity, and availability? Why do we need this model? Who actually uses it? And how is it linked with the data we process?
The classic CIA model for information security defines three objectives: confidentiality, integrity, and availability. Each objective addresses a different aspect of providing protection for information.
Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to maintain privacy policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity, and confidentiality) to avoid confusion with the Central Intelligence Agency, which is also known as the CIA.
In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people. The elements of the triad are considered the three most crucial components of security.
When we talk about the confidentiality of information, we are talking about protecting the information from being exposed to an unauthorized party. Every piece of information that an individual holds has value, especially in today’s world. From bank account statements, personal information, credit card numbers, and trade secrets to legal documents, everything requires proper confidentiality. In other words, only the people who are authorized to do so can gain access to sensitive data.
A failure to maintain confidentiality means that someone who shouldn't have access has managed to get access to private information. Whether it happens through intentional behavior or by accident, a failure in confidentiality can cause serious harm.
Some measures to keep your information confidential are:
Integrity means maintaining the accuracy and completeness of data. It is also about protecting data from being modified or misused by an unauthorized party. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and precautionary steps must be taken to ensure that data cannot be altered by unauthorized people.
For example, in a breach of integrity, a hacker may seize data and modify it before sending it on to the intended recipient.
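The in-transit modification described above, shown as an added example that is not part of the original article: the recipient detects the change with a keyed HMAC-SHA256 tag, while an unkeyed hash sent alongside the message does not. The shared key, the message contents and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key; assumed to be shared out of band by sender and recipient.
SHARED_KEY = secrets.token_bytes(32)


def protect(message: bytes, key: bytes) -> tuple:
    """Sender side: return the message with an HMAC-SHA256 tag over it."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, tag


def verify(message: bytes, tag: bytes, key: bytes) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def plain_hash_check(message: bytes, digest: bytes) -> bool:
    """Weak alternative: an unkeyed SHA-256 digest sent with the message."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    original = b"transfer 100.00 to account 1111"  # constructed sample message
    tampered = b"transfer 900.00 to account 2222"  # what arrives after modification

    # Unkeyed digest: whoever alters the message can also recompute the digest,
    # so the recipient's check passes and the change goes unnoticed.
    forged_digest = hashlib.sha256(tampered).digest()

    # Keyed tag: a party without the key cannot produce a matching tag, so the
    # altered message arrives with the tag computed over the original.
    _, tag = protect(original, SHARED_KEY)

    return {
        "untouched_message_accepted": verify(original, tag, SHARED_KEY),
        "tampered_message_accepted": verify(tampered, tag, SHARED_KEY),
        "plain_hash_accepts_tampered": plain_hash_check(tampered, forged_digest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```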
Measures to maintain the integrity of information include:
Availability means ensuring that authorized parties are able to access the information when needed. How can you ensure data availability? Backup is the key. Making regular off-site backups can limit the damage caused by natural disasters to the hard drives. Information only has value if the right people can access it at the right times.
Measures to mitigate threats to availability include:
The CIA triad is a basic yet important concept in security. Ensuring that all three aspects of the CIA triad are implemented is an important step in designing any secure system.