What is the CIA Triad? - Defined, Explained, and Explored




By Yugansh Kumar       June 6, 2020





In the information security (InfoSec) community, “CIA” has nothing to do with a certain well-known US intelligence agency. These three letters stand for Confidentiality, Integrity, and Availability, also known as the CIA Triad. Together these principles are the foundation of any organization’s information security. Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the Confidentiality, Integrity, and Availability of an organization’s assets, namely its data, applications, and critical systems.

Confidentiality

Confidentiality is roughly equal to privacy. Measures taken to ensure confidentiality are meant to stop sensitive information from reaching the wrong people while ensuring that authorized people can access it. Only the sender and receiver can understand the content. It prevents unauthorized disclosure of information.
The important question that arises here is how one can maintain confidentiality. It can be done by encrypting the data so that even if an attacker intercepts the data, they would still not be able to understand it.

Importance of Confidentiality:

Let’s take the example of a banking site. If customers learn that the information about their withdrawals and credit cards is not safe with the bank, the bank would be in a lot of trouble: customers' trust in the company would be lost, and this would cause serious damage to its business and image.

Figure (Confidentiality): a conversation between Bob and Alice where the attacker Eve is eavesdropping.

Integrity

This principle states that data should not be altered during its transmission, and it is designed to protect data from deletion or modification by any unauthorized party. Integrity is implemented using hashing algorithms because each message has its own hash value, so even if the content is changed by an intruder, the receiver would be able to know about it.
Importance of Integrity:
Let’s take an example where a doctor prescribes a patient some medicine and the prescription gets changed before the medicine is bought. This is an issue of integrity: the information gets changed, is misinterpreted, and causes harm to a person or a company.

Figure (Integrity): an intruder trying to alter a conversation between Alice and Bob.
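
The hash check described above, applied to the prescription scenario, as an added example that is not code from the original article. It goes one step beyond the text: a plain hash only helps when the digest reaches the receiver over a channel the intruder cannot modify, so the example also shows a keyed hash (HMAC). The message text, the shared key, and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the doctor's prescription and an altered copy.
ORIGINAL = b"Patient: Alice; Drug: amoxicillin 250 mg; twice daily"
TAMPERED = b"Patient: Alice; Drug: amoxicillin 2500 mg; twice daily"
# Assumption: doctor and pharmacy agreed on this secret out of band.
SHARED_KEY = b"constructed-demo-key-doctor-and-pharmacy"


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256 fingerprint. Anyone, including an intruder, can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(message: bytes, key: bytes) -> str:
    """HMAC-SHA-256 tag. Producing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_keyed(message: bytes, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking how many characters matched via timing.
    return hmac.compare_digest(keyed_tag(message, key), tag)


def demo() -> dict:
    results = {}
    # Case 1: the digest arrives over a trusted channel, the message does not.
    trusted_digest = plain_digest(ORIGINAL)
    results["plain_detects_change"] = not verify_plain(TAMPERED, trusted_digest)
    # Case 2: digest travels with the message, so the intruder recomputes it.
    results["plain_fooled_by_new_digest"] = verify_plain(TAMPERED, plain_digest(TAMPERED))
    # Case 3: HMAC. Without the key the intruder can only reuse the old tag
    # or compute a tag under a guessed key; both fail verification.
    genuine_tag = keyed_tag(ORIGINAL, SHARED_KEY)
    results["hmac_accepts_original"] = verify_keyed(ORIGINAL, genuine_tag, SHARED_KEY)
    results["hmac_rejects_reused_tag"] = not verify_keyed(TAMPERED, genuine_tag, SHARED_KEY)
    guessed_tag = keyed_tag(TAMPERED, b"intruder-guess")
    results["hmac_rejects_guessed_key"] = not verify_keyed(TAMPERED, guessed_tag, SHARED_KEY)
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

Every check prints `True`. The second one is the caveat: an unkeyed hash sent alongside the message does not stop an intruder who can rewrite both.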

Availability

This is the final component of the CIA Triad and refers to the actual availability of your data. Authentication mechanisms and systems all have to work properly so that the information they protect is available when it is needed. It can be maintained by rigorous testing of the hardware systems and having a digital signature attached to the message.
Importance of Availability:
Suppose your board exam result comes out today and some attacker carries out a DoS attack on the result website. The information would be unavailable to the students.

Figure (Availability): Eve, an attacker, trying to destroy the message meant for Bob.

Conclusion

As a beginner in information security, one should understand the importance of the CIA Triad, as it forms the basics of InfoSec. Obeying these principles is important for any organization. A break in Confidentiality leads to Disclosure of data, a break in Integrity leads to Alteration of data, and a break in Availability leads to Destruction of data.


In case of any queries regarding the CIA Triad feel free to ask in the comment section down below.
