Confidentiality, Integrity, and Availability are the main goals of protecting cyberspace. Together they form a single paradigm called the “CIA Triad”, which helps IT professionals prioritize the actions they need to take when protecting systems. Each of them is defined as follows:
- Confidentiality prevents the disclosure of information to unauthorized people, resources, or processes. It is important to remember that data could end up in the wrong hands, so effective security measures must be adopted for each category of data.
- Integrity refers to the accuracy, consistency, and trustworthiness of data.
- Availability ensures that information is accessible by authorized users when needed. This involves maintaining hardware and technical infrastructure and systems that hold and display the information.
CONFIDENTIALITY IN FOCUS
Often, the term confidentiality is confused with privacy. However, it is important to emphasize that from a legal point of view they are not the same: most private data is confidential, but not all confidential data is private. There are three types of sensitive information:
- Personal information is personally identifiable information (PII) that traces back to an individual.
- Business information is anything that poses a risk to the organization if discovered by the public or a competitor.
- Classified information is information belonging to a government body classified by its level of sensitivity.
Access control enforces confidentiality through security schemes built on the concepts of AAA (Authentication, Authorization, and Accounting).
INTEGRITY IN FOCUS
An integrity check is a way to measure the consistency of a collection of data (a file, a picture, or a record). The integrity check uses a hash function to take a snapshot of the data at an instant in time; recomputing the hash later and comparing it with the snapshot reveals whether the data has changed.
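The snapshot-and-compare integrity check described above, as an added example that is not part of the original article. The sample "files" are constructed inline; the optional key turns the plain hash into an HMAC so that someone who can alter the data cannot also forge a matching snapshot.

```python
import hashlib
import hmac

# Constructed sample "files" (name -> content), standing in for a directory.
SNAPSHOT_TIME_FILES = {
    "config.ini": b"debug=false\nlisten=127.0.0.1\n",
    "report.csv": b"id,amount\n1,100\n2,250\n",
}


def digest(data, key=None, algorithm="sha256"):
    """Hash of the data; keyed (HMAC) when a key is supplied."""
    if key is None:
        return hashlib.new(algorithm, data).hexdigest()
    return hmac.new(key, data, algorithm).hexdigest()


def take_snapshot(files, key=None, algorithm="sha256"):
    """Record a digest of every file at this instant in time."""
    return {name: digest(data, key, algorithm) for name, data in files.items()}


def check_integrity(snapshot, files, key=None, algorithm="sha256"):
    """Recompute the digests now and report every deviation from the snapshot."""
    report = {"modified": [], "missing": [], "added": []}
    for name, expected in snapshot.items():
        if name not in files:
            report["missing"].append(name)
            continue
        actual = digest(files[name], key, algorithm)
        # Constant-time comparison so a mismatch does not leak where it occurred.
        if not hmac.compare_digest(actual, expected):
            report["modified"].append(name)
    report["added"] = sorted(set(files) - set(snapshot))
    return report


if __name__ == "__main__":
    baseline = take_snapshot(SNAPSHOT_TIME_FILES, key=b"constructed-demo-key")
    later = dict(SNAPSHOT_TIME_FILES)
    later["report.csv"] = b"id,amount\n1,100\n2,950\n"  # one digit changed
    print(check_integrity(baseline, later, key=b"constructed-demo-key"))
```

Store the snapshot on read-only or separate media; a snapshot kept next to the data it protects can be rewritten by the same change it is meant to detect.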
AVAILABILITY IN FOCUS
The continuous availability of information systems is imperative to modern life. High availability systems typically include three design principles:
- Eliminate single points of failure
- Provide for reliable crossover
- Detect failures as they occur
The goal is the ability to continue operating under extreme conditions, such as during an attack. One of the most popular high availability targets is five nines, i.e. 99.999% uptime, which allows less than 5.26 minutes of downtime per year.
WHY IS THE CIA TRIAD SO IMPORTANT?
The CIA triad was created so that organizations ask themselves the right questions when deciding to adopt a new technology or assessing their needs in each area. Of course, each company will have different needs, and one area may be more important than the others. For example, confidentiality is very important in government institutions to prevent secret information from being disclosed, integrity for the financial sector to ensure the correctness of the exchange of resources, and availability for e-commerce such as Amazon, where a few minutes of downtime can potentially cost millions of dollars.
These examples show that there is a trade-off between the three principles. This is not a negative aspect; rather, it should foster a conscious choice about where to place the emphasis.