Information Security (InfoSec) is the practice of protecting information, today mostly in digital form, from unauthorized use, modification or destruction. Organizations store huge amounts of confidential information and transmit it between entities over networks. While in transit, that information is exposed to attackers who could steal it and cause irreparable damage to its owners. Hence information security has become a very important topic.
There are various well-known models and protocols for planning, implementing and enforcing information security. The CIA Triad is one of the most popular models used in industry to keep users and systems safe.
CIA Triad Model
In information security, CIA stands for confidentiality, integrity and availability, and the triad is at the heart of information security practice.
Confidentiality is keeping information safe from prying eyes. While sensitive information is kept secure so that the wrong people cannot lay their hands on it, it is equally important that the right people have the access they need.
Being able to view your own bank account details, and only yours, when you log into your bank portal with your personal credentials is a good example of confidentiality.
A high level of confidentiality can be maintained by methods such as password-based authentication when logging into an application. Data encryption, file permissions and access control are other common methods of ensuring confidentiality.
Integrity is protecting and maintaining the precision and accuracy of information while it is stored or transmitted over a network. It means ensuring that only an authorized group of people can access and modify the information, while protecting it from unauthorized people who could alter it.
When you initiate a $500 wire transfer to a friend, he receives exactly $500, not $50 or $5000. This is an example of maintaining integrity while data is transmitted across several networks.
It is important to note that one can protect the integrity of an asset without necessarily protecting its confidentiality or availability. Organizations must back up information so that it can be restored in case the original is corrupted or tampered with during storage or transmission.
Information integrity can be ensured by applying the correct access permissions and by using checksums at the various stages of information transmission and storage.
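The wire-transfer example above, worked through in code as an added illustration that is not part of the original article: a plain CRC32 checksum catches accidental corruption of the transfer record, but anyone who can alter the record can also recompute an unkeyed checksum, so a keyed tag (HMAC-SHA256 here) with a secret shared by sender and receiver is what detects deliberate tampering. The transfer record and the shared key are constructed for the example.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed sample record, in the spirit of the article's $500 wire transfer.
TRANSFER = b"from=alice;to=bob;amount=500;currency=USD"

# Hypothetical secret shared by sender and receiver (in practice provisioned
# and stored securely, never sent alongside the message).
SHARED_KEY = secrets.token_bytes(32)


def crc32_checksum(message: bytes) -> int:
    """Unkeyed checksum: detects accidental corruption in storage or transit."""
    return zlib.crc32(message)


def crc32_verify(message: bytes, checksum: int) -> bool:
    return crc32_checksum(message) == checksum


def hmac_tag(message: bytes, key: bytes) -> bytes:
    """Keyed tag: cannot be recomputed for a modified message without the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(message: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest avoids leaking information through comparison timing.
    return hmac.compare_digest(hmac_tag(message, key), tag)


def demo() -> dict:
    """Report which protection notices the amount changing from 500 to 5000."""
    tampered = TRANSFER.replace(b"amount=500", b"amount=5000")
    checksum = crc32_checksum(TRANSFER)
    tag = hmac_tag(TRANSFER, SHARED_KEY)
    return {
        # Corruption that leaves the original checksum in place is caught.
        "crc_detects_corruption": not crc32_verify(tampered, checksum),
        # A modified record carrying a freshly computed checksum is not.
        "crc_detects_recomputed": not crc32_verify(tampered, crc32_checksum(tampered)),
        # The HMAC tag no longer matches the altered record.
        "hmac_detects_tampering": not hmac_verify(tampered, tag, SHARED_KEY),
        "hmac_accepts_original": hmac_verify(TRANSFER, tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```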
Availability is about information being accessible and reliable: keeping your website or application up and running with as little downtime as possible, because every second it is down costs the organization money.
Being able to log onto the cnn.com news portal at any time of day, 365 days a year, to read the latest news from across the globe is a good example of high availability.
Availability is the easiest of the three to understand but the hardest to implement, because the longer information is kept available, the greater the chance that its confidentiality and integrity are put at risk.
Higher availability can be achieved by keeping all hardware and software in good condition through necessary upgrades and timely repairs, by maintaining a redundant failover cluster, and by performing hot swaps.
The CIA Triad addresses the most important aspects of information security, but it is not a comprehensive model that will resolve every potential information security issue in your organization.