What is the CIA Triad?
The CIA Triad stands for Confidentiality, Integrity and Availability. These three concepts form the basis of information security. They are the principles that secure systems should adhere to. In other terms, an information, or a system, is secure if its confidentiality, integrity and availability are ensured.
An information is confidential if only authorized users can access it.
If an unauthorized person is able to read the data by some means or other, then this violates the confidentiality aspect. This can happen by eavesdropping, phishing or Man-In-The-Middle attacks.
To ensure confidentiality, we can use encryption to prevent access to intercepted communications. we can also implement proper access control mechanisms to only allow authorized users to access the data.
Integrity is the assurance that data did not change by any unauthorized mean, whether intentional or not. It ensures that data remains accurate and correct.
Human errors and Man-In-The-Middle attacks are some of the ways that can compromise data integrity.
One way to prevent this is through the use of hash algorithms. Checksums and Message Authentication Codes (MAC) are also other ways to ensure integrity.
Availability means that information can be accessed by authorized users whenever it is needed.
Power failures and Distributed Denial of Service (DDoS) Attacks are some of the threats that can compromise availability. To prevent this, redundancy mechanisms and anti-DDoS solutions are some of the measures that we can deploy to ensure availability.
These three security concepts depend on each other. Too much of one element can compromise one or both of the other elements.
For example, let’s say you decide to focus too much on confidentiality: You write your confidential information in a piece of paper, you put the paper in a safe, and then you seal the safe and throw it in the middle of the ocean. While you have successfully protected the confidentiality of your information, you have severely impacted its availability. You wouldn’t be able to access the information now that it is no longer available to you.
If your focus on the three objectives is unbalanced, or if one element fails, then the entire security falls apart. The CIA triad should therefore be the main focus of the security professional.