What is the CIA triad?
The first thing that comes to mind when you hear the acronym CIA is probably the Central Intelligence Agency, the independent U.S. government agency responsible for providing national security intelligence. In cyber security, however, CIA refers to one of the fundamental security models on which security systems and policies are built. The three letters in “CIA triad” stand for confidentiality, integrity, and availability, which together are considered the three most important concepts within information security.
The CIA triad forms the basis of any organization’s information security program, and any time there is a data leak, data breach or security incident you can be certain that one or more of these principles has been violated.
The three components of the CIA Triad
The CIA security triad is made up of three functions:
- Confidentiality – ensures that only authorized users, systems, or processes can view or otherwise access data.
- Integrity – ensures that systems and information are accurate, complete, and have not been altered by anyone who is not authorized to change them.
- Availability – ensures that systems, information, and services are accessible to authorized users whenever they are needed.
Confidentiality is your ability to keep something secret. This first component of the CIA triad is concerned with preventing unauthorized access to sensitive information. In enterprise security, confidentiality is breached when an unauthorized person can read or copy your files (if they can also change them, integrity has been breached as well). The two main methods used to ensure confidentiality are cryptography and access control.
Cryptography – Attackers can try to capture your data while it is in transit, using tools freely available on the Internet, or read it from storage they have managed to reach. The primary defense is encryption, so that even an attacker who obtains a copy of the data cannot read it without the key. The current standard for symmetric encryption is AES (Advanced Encryption Standard); its predecessor DES (Data Encryption Standard), with its 56-bit key, can be brute-forced with modest hardware and should not be used in new systems. Encryption is also what makes a VPN (Virtual Private Network) tunnel private: traffic between the two endpoints is encrypted so that it can cross an untrusted network such as the Internet without being read by anyone in between.
Access Control – A major part of protecting the confidentiality of data is controlling who has access to it. Confidentiality is supported by the principle of “least privilege”: any user, program, or process receives only the bare minimum privileges required to perform its function, and nothing is granted by default.
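The following is an added example, not code from the original article, showing what least privilege looks like in practice: a deny-by-default policy in which every permission is an explicit grant, plus the review step practitioners actually run, which is finding grants that are never exercised and are therefore candidates for removal. The principals, resources, grants and access log are all constructed for illustration.

```python
"""Deny-by-default access control with a least-privilege review.

Added example, not code from the original article. The policy format,
the principal and resource names, and the access log below are all
constructed for illustration.
"""

# Grants are explicit (principal, action, resource) triples. Anything not
# listed here is denied: there is no default-allow rule anywhere.
GRANTS = {
    ("alice", "read", "hr/payroll.csv"),
    ("alice", "write", "hr/payroll.csv"),
    ("bob", "read", "hr/payroll.csv"),
    ("bob", "read", "eng/design.md"),
    ("report-job", "read", "hr/payroll.csv"),
    ("report-job", "write", "hr/payroll.csv"),   # granted but never used below
}


def is_allowed(grants, principal, action, resource):
    """Deny by default: only an exact, explicit grant permits access."""
    return (principal, action, resource) in grants


# A constructed log of access attempts the system saw over some period,
# as (principal, action, resource).
ACCESS_LOG = [
    ("alice", "read", "hr/payroll.csv"),
    ("alice", "write", "hr/payroll.csv"),
    ("bob", "read", "hr/payroll.csv"),
    ("bob", "delete", "hr/payroll.csv"),      # no grant: will be denied
    ("report-job", "read", "hr/payroll.csv"),
    ("mallory", "read", "hr/payroll.csv"),    # unknown principal: denied
]


def evaluate_log(grants, log):
    """Return a list of (entry, decision) for every attempted access."""
    return [(entry, is_allowed(grants, *entry)) for entry in log]


def denied_attempts(grants, log):
    """Attempts the policy rejected; worth alerting on if unexpected."""
    return [entry for entry in log if not is_allowed(grants, *entry)]


def unused_grants(grants, log):
    """Grants that were never exercised in the log.

    These are the first candidates for removal in a least-privilege
    review: a privilege that is granted but never used only widens the
    damage an attacker can do with that principal's credentials.
    """
    exercised = {entry for entry in log if is_allowed(grants, *entry)}
    return sorted(grants - exercised)


if __name__ == "__main__":
    for entry, ok in evaluate_log(GRANTS, ACCESS_LOG):
        print("ALLOW" if ok else "DENY ", entry)
    print("denied:", denied_attempts(GRANTS, ACCESS_LOG))
    print("unused grants (review for removal):", unused_grants(GRANTS, ACCESS_LOG))
```

The important property is in `is_allowed`: there is no branch that returns true for an unrecognized principal or action, so a new user or a typo in a resource name fails closed. The `unused_grants` review is what keeps the policy at "bare minimum" over time rather than only on the day it was written.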
Integrity is the security component that provides confidence that data is accurate, can be trusted, and is protected from intentional, unauthorized, or accidental changes while it is in storage, in transit, or in process.
Cryptographic methods such as message authentication codes (MACs) and digital signatures help achieve integrity by providing assurance that a message was not modified in transit; encryption on its own does not, since with an unauthenticated encryption mode an attacker can alter the ciphertext, and therefore the decrypted message, without knowing the key. Confidentiality and integrity depend on each other: if an attacker can modify a system’s access control rules or the keys that protect its data, confidentiality cannot be maintained either. Common methods of protecting data integrity include hashing and checksums, file permissions, and user access controls.
Hashing – A hash is a fixed-size value produced by running a hashing algorithm over data, such as a file or message. As long as the data does not change, the resulting hash is always the same, so by comparing hashes taken at two different times you can tell whether the data has changed: if the hashes differ, the data has changed; if they match, the data is the same (barring a collision, which a sound algorithm makes infeasible to find). Common hashing algorithms include MD5 (Message Digest 5), SHA-1 (Secure Hash Algorithm 1) and SHA-256. MD5 and SHA-1 are no longer collision-resistant, meaning an attacker can construct two different inputs with the same hash, so new systems should use SHA-256 or another member of the SHA-2 or SHA-3 families. Note also that a bare hash only detects accidental or unprivileged changes: an attacker who can rewrite the data can usually recompute and replace the stored hash as well, so protection against deliberate tampering requires a keyed hash (an HMAC) or a digital signature.
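As an added example (not code from the original article), the script below uses Python's standard library to show both halves of the point above: a plain SHA-256 hash catches an edit to a file, but not when the attacker can also rewrite the stored hash, whereas an HMAC computed with a key the attacker does not hold catches both. The file contents, the tampered version and the key are constructed for illustration.

```python
"""Integrity checks with a plain hash versus a keyed hash (HMAC).

Added example, not code from the original article. The file contents,
the attacker's modification and the key are constructed for illustration.
"""
import hashlib
import hmac
import secrets

ALGORITHM = "sha256"   # MD5 and SHA-1 are still callable, but not collision-resistant


def digest(data: bytes, algorithm: str = ALGORITHM) -> str:
    """Hex digest of the data; identical input always gives identical output."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_digest(data: bytes, expected_hex: str, algorithm: str = ALGORITHM) -> bool:
    """Plain-hash check: detects any change to the data, but cannot tell
    whether the stored hash itself was replaced."""
    return hmac.compare_digest(digest(data, algorithm), expected_hex)


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag; cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison so timing does not leak the tag byte by byte."""
    return hmac.compare_digest(tag(key, data), expected_hex)


# Constructed scenario: the defender stores a record plus its integrity value,
# and an attacker with write access changes the payee.
ORIGINAL = b"payee=alice;amount=100\n"
TAMPERED = b"payee=mallory;amount=100\n"


def plain_hash_scenario():
    """Returns (edit detected, edit detected after attacker also rehashes)."""
    stored_hash = digest(ORIGINAL)
    detected_without_rehash = not verify_digest(TAMPERED, stored_hash)
    stored_hash = digest(TAMPERED)                      # attacker rewrites the hash too
    detected_after_rehash = not verify_digest(TAMPERED, stored_hash)
    return detected_without_rehash, detected_after_rehash


def hmac_scenario(key: bytes):
    """Returns (edit detected, attacker's forged tag rejected).

    Without the key the attacker cannot produce a valid tag for the
    tampered record; the best they can do is store a plain hash or a guess."""
    stored_tag = tag(key, ORIGINAL)
    detected = not verify_tag(key, TAMPERED, stored_tag)
    forged_tag = digest(TAMPERED)                       # keyless attempt at a tag
    forged_rejected = not verify_tag(key, TAMPERED, forged_tag)
    return detected, forged_rejected


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # must live somewhere the attacker cannot write
    print("sha256:", digest(ORIGINAL))
    print("plain hash: edit detected / detected after rehash:", plain_hash_scenario())
    print("HMAC: edit detected / forged tag rejected:", hmac_scenario(key))
```

The key has to be stored apart from the data it protects (a secrets manager, an HSM, or at least a host the data writer cannot reach); if it sits next to the file, the HMAC degrades back into a plain hash from the attacker's point of view.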
The CIA triad component, “Availability”, refers to ensuring that the data is always available and that all authorized parties are able to access the information when needed. Systems, applications, and data are of little value to an organization and its customers if they are not accessible when authorized users need them. Many things can jeopardize availability, including hardware or software failure, power failure, natural disasters, and human error. Perhaps the most well-known attack that threatens availability is the denial-of-service attack, in which the performance of a system, website, web-based application, or web-based service is intentionally and maliciously degraded, or the system becomes completely unreachable.
Countermeasures to help ensure availability include redundancy (in servers, networks, applications, and services), hardware fault tolerance (for servers and storage), regular software patching and system upgrades, backups, comprehensive disaster recovery plans, and denial-of-service protection solutions.
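The denial-of-service protection mentioned above is usually enforced at a load balancer, reverse proxy or upstream scrubbing service, but the core mechanism is easy to show in code. The following added example (not code from the original article) is a per-client token-bucket rate limiter: each client may burst up to the bucket's capacity and is then held to a sustained rate, so one flooding client cannot consume the capacity other clients depend on. The client addresses, bucket sizes and request burst are constructed for illustration, and a fake clock is used so the behaviour can be checked without sleeping.

```python
"""Per-client token-bucket rate limiting as a denial-of-service control.

Added example, not code from the original article. The bucket sizes, the
client addresses and the request burst below are constructed for illustration.
"""
import time


class Bucket:
    def __init__(self, capacity: float, refill_per_sec: float, now: float):
        self.capacity = capacity            # burst a client may send at once
        self.refill_per_sec = refill_per_sec  # sustained rate allowed afterwards
        self.tokens = capacity              # a new client starts with a full bucket
        self.updated = now


class RateLimiter:
    """One bucket per client key (source IP, API key, ...). A request that
    finds its client's bucket empty is refused instead of queued, so the
    service keeps answering everyone else."""

    def __init__(self, capacity: float, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self.buckets = {}

    def allow(self, client: str) -> bool:
        now = self.clock()
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = Bucket(self.capacity, self.refill_per_sec, now)
            self.buckets[client] = bucket
        # Refill in proportion to elapsed time, never beyond capacity.
        elapsed = max(0.0, now - bucket.updated)
        bucket.tokens = min(bucket.capacity, bucket.tokens + elapsed * bucket.refill_per_sec)
        bucket.updated = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


class FakeClock:
    """Deterministic clock so the limiter can be exercised without sleeping."""

    def __init__(self):
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def simulate_flood(capacity: int = 5, refill_per_sec: float = 1.0):
    """Constructed burst: one client fires 20 requests at once while another
    client makes a single request; then a 2 s pause lets tokens refill.
    Returns (accepted from flooder, accepted from flooder after the pause,
    whether the other client was served)."""
    clock = FakeClock()
    limiter = RateLimiter(capacity, refill_per_sec, clock=clock)
    flooder, other = "203.0.113.9", "198.51.100.7"     # documentation-range addresses
    accepted = sum(limiter.allow(flooder) for _ in range(20))
    other_ok = limiter.allow(other)                    # unaffected by the flood
    clock.advance(2.0)                                 # 2 s * refill rate tokens return
    after_pause = sum(limiter.allow(flooder) for _ in range(20))
    return accepted, after_pause, other_ok


if __name__ == "__main__":
    print("accepted, accepted after pause, other client served:", simulate_flood())
```

Two design points matter for availability: rejected requests are dropped cheaply rather than queued (a queue just moves the exhaustion somewhere else), and the limit is keyed per client, which is what keeps one abusive source from degrading service for everyone. A distributed attack from many sources still needs the upstream, network-level protection the paragraph above refers to.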
The CIA triad is an essential concept in cybersecurity. When a company maps out a security program, the CIA triad is a useful tool for justifying each security control under consideration, since every security action inevitably leads back to one or more of the three principles. The three often pull against each other (stricter access controls can reduce availability, for example), so the balance between them has to be chosen deliberately for each system. An organization must ensure that all three aspects of the CIA triad are addressed, which is a necessary step in designing any secure environment.