What are best practices in the CIA triad?
Overview
In information security, the term CIA Triad refers to confidentiality, integrity, and availability of applications, data, installed systems, and subsystems.
These three principles play a key role in maintaining the security of organizations’ crucial data. These are the key goals of any security-related program.
The security expert and the CIA triad
The security expert assesses or measures threats based on their impact on these three principles: the confidentiality, integrity, and availability of the company’s assets.
The security team can present efficient security policies by evaluating the impact of threats on the three crucial security principles.
Let’s discuss the three principles of the CIA triad in detail:
- Confidentiality
- Integrity
- Availability
1. Confidentiality
Confidentiality helps to keep the company’s data secret. It plays a key role in securing the crucial data or information related to any organization.
It refers to securing data against any unauthorized access. In this principle, we ensure that the specific data is accessible to only authorized persons.
Example of confidentiality
Unauthorized persons cannot access the data. For instance, only the authorized employees of a company (such as HR staff) can access the company’s payroll management system.
How can confidentiality be breached?
Direct attacks can breach confidentiality and lead to unauthorized access to systems, databases, and business-critical applications.
Types of violations
Some examples of these violations include:
- Network reconnaissance
- Electronic eavesdropping
- Escalation of system privileges
Confidentiality can also be breached through human error or carelessness. This includes weak passwords or authentication systems, failure to encrypt data, etc.
Confidentiality can be achieved through:
- Data encryption
- Strong authentication systems
- Steganography
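The payroll example above comes down to one rule: the data layer must refuse every read that policy does not explicitly allow. The following added example (written for this page, not taken from the original article) shows that rule as a default-deny, role-based check on a constructed payroll table; the roles `hr`, `employee` and `guest`, the employee ids and the salaries are all assumed sample values.

```python
# Added example: enforcing confidentiality with a default-deny,
# role-based access check in front of a constructed payroll data set.
from dataclasses import dataclass

# Constructed sample data: a tiny payroll table keyed by employee id.
PAYROLL = {
    "e100": {"name": "Alice", "salary": 90000, "bank_account": "DE00-1111"},
    "e200": {"name": "Bob", "salary": 72000, "bank_account": "DE00-2222"},
}


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # assumed roles for the demo: "hr", "employee" or "guest"


class AccessDenied(PermissionError):
    """Raised whenever the policy does not explicitly allow the read."""


def is_authorized(user: User, employee_id: str) -> bool:
    """Policy: HR may read any record; an employee may read only their own.

    Everything not listed here is denied, so a new role added later is
    locked out until the policy is deliberately extended.
    """
    if user.role == "hr":
        return True
    if user.role == "employee" and user.user_id == employee_id:
        return True
    return False


def read_payroll(user: User, employee_id: str) -> dict:
    """Return a copy of the payroll record only if the policy allows it.

    The check sits directly in front of the data access, so there is no
    code path that hands out a record without passing is_authorized().
    """
    if not is_authorized(user, employee_id):
        raise AccessDenied(
            f"{user.user_id} ({user.role}) may not read {employee_id}"
        )
    return dict(PAYROLL[employee_id])


if __name__ == "__main__":
    hr = User("h1", "hr")
    alice = User("e100", "employee")
    print("HR reads Bob:", read_payroll(hr, "e200")["salary"])
    print("Alice reads herself:", read_payroll(alice, "e100")["salary"])
    try:
        read_payroll(alice, "e200")
    except AccessDenied as exc:
        print("denied:", exc)
```

The important design choice is that `is_authorized()` ends with `return False`: the function lists what is permitted and denies everything else, which is what keeps a new or misconfigured role from silently gaining access.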
2. Integrity
This principle protects data against unauthorized alteration. It keeps the data authentic and reliable.
Example of integrity
For example, if a customer is buying something from an online store, the order details they submit in the form should not be altered in transit or in storage.
Maintaining integrity of data
Data security can be maintained by ensuring integrity. Integrity can be harmed through attacks such as tampering with an intrusion detection system or modifying configuration files.
Human error can also be a reason for compromised integrity. Examples include a lack of care while writing code or improper security policies.
Data securing techniques
Data can be secured through:
- Digital Signatures
- Hashing
- Encryption
- Digital certificates
- Auditing
Integrity also includes the concept of non-repudiation, which means that a party cannot deny having performed an action.
For example, a sender cannot deny having sent an email. A receiver also cannot claim that the message they received differs from the one that was sent.
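The hashing and signature items in the list above protect against different things, and the difference is easiest to see in code. The following added example (written for this page, not taken from the original article) uses Python’s standard `hashlib` and `hmac` modules on a constructed online-store order: a plain hash detects accidental corruption, an HMAC detects deliberate modification by anyone who does not hold the key, and a tag produced with the wrong key is rejected. The order string and the key are placeholder values.

```python
# Added example: detecting tampering with a hash and with an HMAC.
# The order message and the shared key are constructed placeholders.
import hashlib
import hmac

KEY = b"placeholder-shared-secret"  # placeholder; use a random key in practice
ORDER = b"order=4711&item=laptop&qty=1&price=999"


def digest(message: bytes) -> str:
    """Plain SHA-256 fingerprint.

    Detects accidental corruption, but an attacker who can change the
    message can just recompute the hash, so on its own it is not a defence.
    """
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself does
    # not leak how many leading characters of the tag were correct.
    return hmac.compare_digest(mac(key, message), tag)


def tamper(message: bytes) -> bytes:
    # Constructed modification for the demo: change the ordered quantity.
    return message.replace(b"qty=1", b"qty=100")


def demo() -> dict:
    """Run the four checks and report which ones detect the change."""
    tag = mac(KEY, ORDER)          # computed by the sender with the key
    altered = tamper(ORDER)        # what a man-in-the-middle would deliver
    return {
        # The hash changes, so the alteration is visible if the original
        # hash was delivered over a channel the attacker could not touch.
        "hash_changed": digest(ORDER) != digest(altered),
        # The genuine message still verifies against its tag.
        "original_verifies": verify_mac(KEY, ORDER, tag),
        # The altered message does not verify against the sender's tag.
        "altered_verifies": verify_mac(KEY, altered, tag),
        # A tag computed without the real key is rejected as well.
        "forged_verifies": verify_mac(KEY, altered, mac(b"wrong-key", altered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the HMAC does not give you: because sender and receiver share the same key, either of them could have produced the tag, so an HMAC proves integrity and origin to the other key holder but not non-repudiation to a third party. That is the job of a digital signature made with a private key only the sender holds, which is why the list above names signatures and certificates separately from hashing.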
3. Availability
This principle ensures the timely availability of the system. It helps authorized users access the system whenever they require it.
Potential threats to availability include:
- Power or system failure
- Natural disasters
- Human errors
A denial-of-service (DoS) attack, often launched in distributed form (DDoS), is one of the most common attacks that threaten availability.
In this attack, the operation of a system, website, or web application is deliberately and maliciously disrupted.
It can result in making the system unreachable. The measures that can be taken to maintain the availability include:
- Redundancy in networks and systems
- Hardware fault tolerance
- Backups
- Inclusive disaster recovery plans
- Security solutions against denial-of-service attacks
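Two of the measures in the list above, redundancy and protection against denial of service, can be shown in a few lines. The following added example (written for this page, not taken from the original article) simulates replicas in-process rather than over a network: `call_with_failover` keeps answering as long as any one replica is healthy, and `TokenBucket` is a per-client rate limiter that rejects a burst of requests instead of letting it exhaust the backend. Replica names, bucket sizes and the clock values are constructed for the demo.

```python
# Added example: availability through redundancy (failover across replicas)
# and through rate limiting (token bucket). Replicas are simulated in-process.
from typing import Callable, List, Tuple


class ServiceUnavailable(RuntimeError):
    """Raised only when every replica has failed."""


def make_replica(name: str, healthy: bool) -> Callable[[], str]:
    # Constructed stand-in for a real backend: either answers or times out.
    def replica() -> str:
        if not healthy:
            raise TimeoutError(f"{name} did not respond")
        return f"{name} ok"
    return replica


def call_with_failover(replicas: List[Callable[[], str]]) -> Tuple[str, int]:
    """Try each replica in order; return (result, index) from the first that answers.

    One failed replica does not take the service down; the caller only sees
    an error when the whole redundant set is unavailable.
    """
    errors = []
    for index, replica in enumerate(replicas):
        try:
            return replica(), index
        except Exception as exc:  # a replica timing out or crashing
            errors.append(f"replica {index}: {exc}")
    raise ServiceUnavailable("; ".join(errors))


class TokenBucket:
    """Per-client rate limiter.

    Each request costs one token; tokens refill at a fixed rate up to the
    bucket capacity, so a short burst is allowed but a sustained flood is
    rejected before it reaches the backend. The clock is passed in
    explicitly so behaviour is deterministic and testable.
    """

    def __init__(self, capacity: int, refill_per_second: float):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.tokens = float(capacity)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        elapsed = now - self.last
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_second)
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


if __name__ == "__main__":
    replicas = [make_replica("primary", False), make_replica("secondary", True)]
    print(call_with_failover(replicas))  # primary is down, secondary answers

    bucket = TokenBucket(capacity=3, refill_per_second=1.0)
    burst = [bucket.allow(0.0) for _ in range(5)]  # 5 requests at once
    print(burst, bucket.allow(2.0))  # first 3 pass, then refill lets one more through
```

In a real deployment the limiter is keyed per client (for example per source address or API key) and sits at the edge, so one abusive client is throttled while the redundant replicas keep serving everyone else.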