SHREE LEARNING ACADEMY

Principles of Security | CIA Triad

In order to safeguard against the worst, individuals working in IT strive to follow three fundamental principles of information security: confidentiality, integrity, and availability, which are commonly referred to as the CIA triad, as depicted in the figure.

[Figure: CIA Triad]

Through the utilization of the principles of confidentiality, integrity, and availability, an organization can effectively secure its hardware, software, and communications. Now, let's delve into each of the three components of the CIA triad in greater detail.

Confidentiality

Confidentiality means preventing the disclosure of information to individuals who lack authorization. For members of the public, this covers sensitive data such as Social Security numbers (or the equivalent identification in other countries), driver's license information, bank account details, and passwords. For organizations, it covers not only the data mentioned above but the confidentiality of data in general.

In order to maintain data confidentiality, it is imperative for the organization to exert considerable effort to ensure that solely authorized individuals are able to access it. For instance, when utilizing a credit card number for a transaction at a physical or online store, the number must be encrypted using a robust cipher to prevent any potential compromise of the card number. The next time you make an online purchase, observe the measures implemented to ensure the confidentiality of your credit card number. As a security expert, your foremost objective should be to uphold confidentiality. By preserving data confidentiality, you eliminate threats, mitigate vulnerabilities, and minimize risks.

Integrity

Integrity implies that the data has not undergone any unauthorized alterations. Prior authorization is required before making any modifications to the data, which serves to preserve its integrity. For instance, if an individual were to deliberately or accidentally delete a crucial file, the integrity of that file would have been breached. Permissions should have been established to prevent such an occurrence.
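The following added example (not part of the original page) pairs the two controls this section points to: a permission change that prevents alteration, and a digest baseline that detects a file that was altered or deleted anyway. The file names, the key, and all function names are constructed for illustration.

```python
import hashlib, hmac, json, os, stat, tempfile

def file_digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def seal(digests, key):
    """HMAC over the digest table so the baseline itself cannot be silently edited."""
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_baseline(paths, key):
    """Record known-good digests for the given files and seal the record."""
    digests = {p: file_digest(p) for p in paths}
    return {"digests": digests, "tag": seal(digests, key)}

def verify(baseline, key):
    """Return {path: 'ok' | 'modified' | 'missing'}; raise if the baseline was altered."""
    if not hmac.compare_digest(seal(baseline["digests"], key), baseline["tag"]):
        raise ValueError("baseline record was altered")
    report = {}
    for path, digest in baseline["digests"].items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif file_digest(path) != digest:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report

def make_read_only(path):
    """Preventive control: clear the write permission bits on a file."""
    os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) & ~0o222)

def demo():
    """Constructed sample files: one left alone, one altered, one deleted."""
    key = b"constructed-demo-key"  # assumption: a real key is stored apart from the data
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("ledger.csv", "prices.csv", "config.ini")]
        for p in paths:
            with open(p, "w") as f:
                f.write("original contents of " + os.path.basename(p))
        baseline = make_baseline(paths, key)
        make_read_only(paths[0])              # protected file stays intact
        with open(paths[1], "a") as f:        # unauthorized alteration
            f.write("\nunauthorized edit")
        os.remove(paths[2])                   # deletion of a crucial file
        return {os.path.basename(p): s for p, s in verify(baseline, key).items()}
```

Clearing the write bits on a file does not stop its deletion, which is governed by the permissions of the containing directory, so the detection step is still needed.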

Availability

Allocating resources for computer and network security can be challenging. Ensuring data availability involves making it accessible irrespective of the storage, access, or protection methods employed. Furthermore, data must remain available even in the face of malicious attacks. Attacks such as DoS (Denial of Service) target this principle and can cause significant business loss. Consider an e-commerce store going offline for a few minutes: shoppers will not be able to buy and may even move to a competitor's site. Hence, availability is very important for the business.

