CIA Triad

 



Confidentiality ( C )

  • Ensuring that only authorized people can access certain data or systems.
Confidentiality covers two concepts.
  1. Data confidentiality - 
    • Assures that confidential information is not made available or disclosed to unauthorized individuals.
  2. Privacy - 
    • Assures that the owners have control on:
      • What information related to them may be collected and stored, 
      • By whom and to whom that information may be disclosed.

Integrity ( I )

  • Integrity means that information is accurate, complete, and unaltered.
This term covers two related concepts. 
  1. Data integrity: 
    • Information and programs are changed only in a specified and authorized manner.
  2. System integrity:
    •  A system performs its intended function in an unimpaired manner. 
    • Free from deliberate or inadvertent unauthorized manipulation of the system.


Availability (A)

  • Systems work promptly and service is not denied to authorized users.

Additional Objectives

Authenticity: 

  • Able to verify that 
    • The users are who they claim they are, and 
    • The system receives data from a trusted source.

Accountability: 

  • Able to trace back the actions performed by an entity to that entity. 
  • Accountability supports: 
    • Nonrepudiation 
    • Deterrence
    • Fault isolation
    • Intrusion detection and prevention
    • After-action recovery 
    • Legal action  


    Comments

    Post a Comment

    Popular posts from this blog

    What is Cybersecurity?

    In today’s digital world, we use the internet for everything from banking and shopping to studying and working. But with convenience comes risk. That’s where cybersecurity comes in. 🛡️ What is Cybersecurity? Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. These attacks aim to access, change, or destroy sensitive information, extort money, or interrupt normal operations. In simple terms: Cybersecurity is like locking your house, but for your computer and online data. ⚠️ Why is Cybersecurity Important? Every day, hackers try to: Steal personal information like passwords or credit card numbers Spread viruses or malware to damage computers Take over systems and ask for ransom (ransomware attacks) Spy on users or organizations for political or financial gain If we don’t protect our devices and information, anyone can become a victim. 💻 Common Types of Cyber Attacks Phishing – Fake emails that trick you into gi...
    Read more

    Ensuring Security in a System

     Exploits A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).  An Exploit can cause, Gaining control of a computer system. Allowing privilege escalation Denial-of-service (DoS or related DDoS) attack. Vulnerability Assessment The process of defining, identifying, classifying and prioritizing vulnerabilities in Information systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. Penetration Testing  Also called pen testing or ethical hacking. The practice of testing a Information system, network or web application to find security vulnerabilities that an attacker could exploit.  The process involves gathe...
    Read more