CIA Triad

The CIA Triad is a fundamental security model in cybersecurity and is composed of Confidentiality, Integrity, and Availability. Confidentiality ensures that data is kept confidential by allowing only authorized users to access it.

Integrity means that data is kept at the same level of protection and that a change can only be attributed to the person who made it, which provides non-repudiation. Availability is the concept that data remains available to authorized users, provided that they are authenticated.

Confidentiality

Confidentiality ensures that data is kept private and is accessible only to authorized users. This is ensured by encryption, access controls and strong authentication measures. Confidentiality builds trust in the security measures and ensures legal compliance by protecting the organization’s reputation. Threats to confidentiality include phishing, social engineering and password attacks.

Integrity

Integrity makes sure that data has not been altered or compromised by malicious users. Data with integrity maintains its trustworthiness and accuracy. Hash validation is one way to maintain integrity and verify whether data has been corrupted or altered. Integrity protects against intentional and accidental modifications of data, ensuring that the information remains trustworthy. Threats to integrity include modifying data, man-in-the-middle attacks and unauthorized file modifications.
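The hash validation mentioned above, as an added example that is not part of the original post: it records a SHA-256 digest per file and protects the digest table with an HMAC, because a plain hash catches accidental corruption but not a change made by someone who can also rewrite the stored hash. The file names, contents, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data and key; a real key is stored apart from the data it protects.
SAMPLE_FILES = {"payroll.csv": b"id,amount\n1,1000\n", "readme.txt": b"quarterly export\n"}
DEMO_KEY = b"constructed-demo-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_tag(digests: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical encoding of the digest table."""
    canonical = json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Record one SHA-256 digest per file and authenticate the table with a keyed tag."""
    digests = {name: sha256_hex(content) for name, content in files.items()}
    return {"digests": digests, "tag": manifest_tag(digests, key)}


def verify(files: dict, manifest: dict, key: bytes) -> dict:
    """Compare the current files with the manifest and report what differs."""
    recorded = manifest["digests"]
    return {
        # False means the digest table itself was changed without the key.
        "manifest_authentic": hmac.compare_digest(manifest_tag(recorded, key), manifest["tag"]),
        "modified": sorted(n for n in recorded if n in files and sha256_hex(files[n]) != recorded[n]),
        "missing": sorted(n for n in recorded if n not in files),
        "unexpected": sorted(n for n in files if n not in recorded),
    }


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES, DEMO_KEY)
    # Case 1: one file altered after the manifest was written.
    altered = dict(SAMPLE_FILES, **{"payroll.csv": b"id,amount\n1,9000\n"})
    print(verify(altered, manifest, DEMO_KEY))
    # Case 2: the stored digest was rewritten to match the altered file.
    # The plain hash comparison passes, but the keyed tag no longer matches.
    new_digests = dict(manifest["digests"], **{"payroll.csv": sha256_hex(altered["payroll.csv"])})
    print(verify(altered, {"digests": new_digests, "tag": manifest["tag"]}, DEMO_KEY))
```

Any run that reports `manifest_authentic` as false should be treated as a failed check, even when the `modified` list is empty.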

Availability

Availability means that data is available to users for business continuity, and that data and systems are available to authorized users when necessary. This includes items like data backups and server maintenance. Availability ensures that the business can continue to function in the event of an incident or a failure of a system. Threats to availability include ransomware, denial-of-service attacks, distributed denial-of-service attacks, hardware failures and natural disasters.

Substack Note on Impostor Syndrome

I have posted a note on Substack, a short-form blog post about imposter syndrome. It can be found at the following link:

https://substack.com/@dejongaaron/note/c-207972601

In this Substack note the main point that I was covering was that one of the pain points in studying for cybersecurity exams is imposter syndrome. This is further discussed in the Substack note. I will do a post next time; it was my first time doing Substack so bear with me.

Conclusion

The CIA Triad is useful as a security model for understanding fundamental cybersecurity principles, incident response and disaster recovery. It also serves as the basis for understanding security vulnerabilities and creating policies that protect data at rest, data in transit and data in use.