What Is CIA Triad? — The Backbone Of Information Security

In today’s world, gathering, organizing, and analyizing data has enabled new technologies and has created a vast amount of wealth. The world’s most valuable resource is no longer oil, but data. The ability to understand and create platforms around data has allowed empires to be built and lives to be saved through health monitoring devices such as the apple watch. The topic of how that data is being used is for a different time, but how to protect data is what I would like to focus on in this article. At the basic level, the CIA triad is the backbone in protecting all types of data. The CIA traid stands for Confidentiality, Integrity, and Availability. It is imporant to understand the role that CIA plays in information security. I will explain each component of the CIA triad and the different mechanisms that are used to ensure that they are not violated.

CIA Triad

Confidentiality — Ensures that data and resources are only available to those that are authorized.

Example: I am in the sales department, and I have access to the monthly sales report.

Tools used to protect confidentiality:

• Data Encryption — SHA-256 or Bcrypt

Image Source

• Multi-Factor Authentication (MFA) — One-time passwords (OTP) via email or text
• Access Control — Kerberos AAA server to provide Authentication, Authoriztion, and Auiting of IT systems
• Administration Policies — Leaving company policy
• SIEM — Security Information and Event Management is used to monitor events and creates alerts for IT professionals.

Threats to confidentiality:

• Keyloggers— Device or software that captures key strokes
• Phishing emails — Social engineering
• Password cracking — Dictionary, brute-force, rainbow table, hash collision
• Packet-sniffing — Reads user traffic and captures data

Integrity — Data is protected and cannot be altered to ensure the data is reliable and accurate.

Example: The financial data is accurate and has not been altered so that quarterly reports are accurate.

Tools used to protect Integrity:

• Checksum — Cryptographic hash is created and compared and helps ensure that your copy of the file is genuine and free from errors.

Image source

• Backup data — OS snapshots and incremental backups
• Removes duplicates files
• Validates data and input

Threats to Integrity:

• Session highjacking
• Any type of man-in-the-middle (MITM) attack
• Weak or poorly implemented encryption — SHA-1 is deem insecure due to hash collisions

Availability — Timely and uninterrupted access to resources and systems

Example: I am a customer, and I am able to to access my bank account through the mobile app.

Tools used to protect Availability:

• Redundancy — Backup hardware such as servers and hard drives

Image source

• Load balancing — Direct traffic to other servers when there is a high volume of traffic

Continuous Monitoring— Software to monitor internet traffic and performance

Threats to Availability:

• Distributed Denial of Service (DoS) Attack — Floods service internet traffic and legitmate devices cannot access the service.
• Physical attacks on infrastructure
• Natural disasters — hurricanes, floods, tornados, earthquakes, etc

Information security professionals focus on protecting the confidentiality, integrity, and availability of IT systems. Tools have been developed to help accomplish this daunting task. More and more threats are emerging and it is vital that our data is protected. All the tools, processes, and procedures are related to protecting the CIA. Thank for reading, and I hope that this has helped you gain a better understanding of the importance of the CIA triad as the backbone of information security.

Sources:

What Is a Checksum? See a Definition, Examples, and More

How to Perform Windows 10 Incremental Backup?

https://www.easyduplicatefinder.com/duplicatefilecleaner.html

What are the Best Backup Strategies? - AtulHost

Stop using SHA1 encryption: It's now completely unsafe, Google proves

What Is Load Balancing? How Load Balancers Work