Confidentiality, Integrity, and Availability. These are the three core components of the CIA triad, an information security model meant to guide an organization’s security procedures and policies. Show While people outside the information security community might hear the phrase CIA Triad and think “conspiracy theory,” those in the cybersecurity field know that the CIA Triad has absolutely nothing to do with the Central Intelligence Agency and everything to do with keeping your organization's data, networks, and devices safe and secure. What is the CIA Triad?The CIA triad is widely accepted as a model in information security. It’s not a singular doctrine and there was no one author. Rather the model appears to have developed over time, with roots as old as modern computing, pulling concepts from various sources. Ben Miller, vice president for Dragos, seems to be one of the few people who has done any digging on the origins of the triad. He wrote a blog post 11 years ago about its roots and was unable to find a single source. Instead, the concepts seem to be pulled from a few different documents: a 1976 paper for the U.S. Air Force, for example, and a paper written in the 1980s about the difference between commercial and military computer systems. Whatever the source, the CIA triad has three components:
All of these concepts are important on their own to security professionals of all kinds. The reason these three concepts are grouped into a triad is so information security professionals can think of the relationship between them, how they overlap, and how they oppose one another. Looking at the tension between the three legs of the triad can help security professionals determine their infosec priorities and processes. An example of the CIA triad in practiceThink of logging into an
e-commerce site to check your orders and make an additional purpose. The e-commerce site uses the three principles of the CIA triad in the following ways:
This is just one example of how the triad can be practically applied. There are several, more specific examples for each leg of the CIA stool. For example, examples of Confidentiality can be found in various access control methods, like two-factor authentication, passwordless sign-on, and other access controls, but it’s not just about letting authorized users in, it's also about keeping certain files inaccessible. Encryption helps organizations secure information from both accidental disclosure and malicious attacks. Integrity can be maintained with access control and encryption as well, but there are many other ways to protect data integrity, both from attacks and corruption. Sometimes it’s as simple as a read-only file. Sometimes, it involves hashing or data checksums, which allow data to be audited to ensure the data hasn’t been compromised. In other cases, integrity might be protected physically from outside sources that might corrupt it. Availability is really about making sure your systems are up and running so that business can continue, even in the face of an attack. DDoS (Distributed Denial of Service) attacks rely on limited availability, for example. For this reason, creating a DDoS response plan and redundancy in your systems is a way of ensuring availability. However, when there’s no attack, systems can still fail and become unavailable, so load balancing and fault tolerance are a way to keep systems from failing. How can SecurityScorecard help?The CIA triad alone is not enough to keep your data secure. You also need to be aware of where your risks are. SecurityScorecard can help you monitor your information security across 10 groups of risk factors with our easy-to-understand security ratings. Our ratings continuously monitor every part of your security operation. We monitor your information security by keeping an eye on your data and the systems and networks you have in
place to protect it, and we also monitor your cybersecurity by making sure your organization’s systems are patched when they need to be, and that there’s no hacker chatter about your organization on the dark web. Once your score drops, you’ll know that something has changed, and our platform will then offer remediations to help you fix the problem before there’s a breach. What are the three main goals of the CIA of security?These three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA triad. Together, these three principles form the cornerstone of any organization's security infrastructure; in fact, they (should) function as goals and objectives for every security program.
What are the goals of the CIA?At the CIA, our mission is to preempt threats and further U.S. national security objectives by:. Collecting foreign intelligence that matters;. Producing objective all-source analysis;. Conducting effective covert action as directed by the president; and.. Safeguarding the secrets that help keep our Nation safe.. What is the CIA of information security management?The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability. The CIA triad is a common model that forms the basis for the development of security systems. They are used for finding vulnerabilities and methods for creating solutions.
What is purpose of the CIA security model?Confidentiality, Integrity, and Availability. These are the three core components of the CIA triad, an information security model meant to guide an organization's security procedures and policies.
|