In the information security (InfoSec) community, “CIA” has nothing to do with the well-known US intelligence agency. These three letters stand for Confidentiality, Integrity, and Availability, also known as the CIA Triad. Together these principles are the foundation of any organization’s information security. Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the Confidentiality, Integrity, and Availability of an organization’s assets, namely its data, applications, and critical systems.
Confidentiality is roughly equal to privacy. Measures undertaken to ensure confidentiality are designed to stop sensitive information from reaching the wrong people while ensuring that authorized people can access it. Only the sender and receiver can understand the content. It prevents unauthorized disclosure of information.
The important question that arises here is: how can one maintain confidentiality? It can be done by encrypting the data, so that even if an attacker intercepts the data, they would still not be able to understand it.
Importance of Confidentiality:
Let’s take the example of a banking site. If customers learn that the information about their withdrawals and credit cards is not safe with the bank, the bank would be in a lot of trouble: customers’ trust in the company would be lost, and this would cause serious damage to its business and image.
The principle of integrity states that data should not be altered during its transmission, and it is designed to protect data from deletion or modification by any unauthorized party. Integrity is implemented using hashing algorithms: any change to the content produces a different hash value, so even if the content is changed by an intruder, the receiver would be able to know about it.
Importance of Integrity:
Let’s take an example where a doctor prescribes a patient some medicine and the prescription is changed before the medicine is bought. This is an issue of integrity: the information is changed, gets misinterpreted, and causes harm to a person or a company.
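The hash-based integrity check described above, as an added example that is not part of the original article. It also shows a limitation a practitioner should know: a plain hash only helps if the intruder cannot replace the hash as well, which is why a keyed hash (HMAC) is used when both travel over the same channel. The prescription text, the key, and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data, for illustration only.
PRESCRIPTION = b"Patient 1042: amoxicillin 250 mg, three times daily"
TAMPERED = b"Patient 1042: amoxicillin 2500 mg, three times daily"
# Assumption: sender and receiver already share this key over a safe channel.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sha256_digest(message: bytes) -> str:
    """Unkeyed hash: anyone who can read the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def verify_plain_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_digest(message), digest)


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed hash: only holders of the key can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time to avoid leaking the tag via timing.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def demo() -> dict:
    results = {}
    # Case 1: the message is altered, but the receiver holds the genuine digest.
    digest = sha256_digest(PRESCRIPTION)
    results["hash_detects_change"] = not verify_plain_hash(TAMPERED, digest)
    # Case 2: message and digest share a channel, so both can be swapped.
    swapped_digest = sha256_digest(TAMPERED)
    results["hash_accepts_swapped_pair"] = verify_plain_hash(TAMPERED, swapped_digest)
    # Case 3: with HMAC, a party without the key has no valid tag to attach.
    tag = hmac_tag(SHARED_KEY, PRESCRIPTION)
    results["hmac_accepts_original"] = verify_hmac(SHARED_KEY, PRESCRIPTION, tag)
    results["hmac_rejects_old_tag"] = not verify_hmac(SHARED_KEY, TAMPERED, tag)
    results["hmac_rejects_plain_hash"] = not verify_hmac(SHARED_KEY, TAMPERED, swapped_digest)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every entry returned by `demo()` is `True`; the second one is the failure case, where a swapped message and digest pass the unkeyed check.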
Availability is the final component of the CIA Triad and refers to the actual availability of your data. Authentication mechanisms and systems all have to work properly to protect the information and ensure it is available when it is needed. It can be maintained by rigorous testing of the hardware systems and having a digital signature attached to the message.
Importance of Availability:
Suppose your board exam results come out today and an attacker launches a DoS attack on the results website. The information would be unavailable to the students.
As a beginner in information security, one should understand the importance of the CIA Triad, as it forms the basis of InfoSec. Following these principles is important for any organization. A breach of Confidentiality leads to Disclosure of data, a breach of Integrity leads to Alteration of data, and a breach of Availability leads to Destruction of data.