The “CIA Triad”… What is this when it comes to ‘cisco’ internet protection?
If the first thing that comes to mind when you hear CIA is the Central Intelligence Agency, then you are like most individuals. In this case, however, the CIA Triad refers to a security model that was developed to help individuals come to a better understanding of IT security. CIA stands for confidentiality, integrity and availability. To understand how these different factors play into IT security, it is important for a person to understand the basics of each aspect individually. Even individuals who are not IT professionals can benefit from better protecting themselves and their data in an increasingly digital world.
The confidentiality aspect of the CIA Triad refers to the importance of preventing unauthorized access to a person’s most sensitive information. This requires a person to decide on the appropriate levels of access for their information and then to enforce them using appropriate security software. Protecting information may also require an individual to separate their data into different collections that can then be organized according to their level of sensitivity or who is allowed access to them. An individual can make use of encryption, access control lists or file permissions to accomplish the goal of keeping their information confidential.
The next aspect in the CIA Triad is integrity. In this case it specifically refers to data integrity. This means protecting data from being deleted or modified by individuals who do not have authorization. It may also include protecting data from unwanted changes by authorized parties, or allowing those changes to be undone. Some data, such as user account controls, should never be modified, because changes to it can lead to breaches in confidentiality or interruptions to service. Because other types of data, such as user files, generally need to be more available, a comprehensive approach is usually necessary.
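
The file-permission control from the confidentiality paragraph and the unauthorized-change detection from the integrity paragraph can be checked together. The following is an added example, not part of the original article; the file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Record the SHA-256 digest and permission bits of every regular file under root."""
    snap = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = stat.S_IMODE(path.stat().st_mode)
            snap[str(path.relative_to(root))] = (digest, mode)
    return snap

def compare(baseline, current):
    """Report integrity findings (modified, deleted, added) and
    confidentiality findings (group/other permission bits newly granted)."""
    findings = []
    for name, (digest, mode) in baseline.items():
        if name not in current:
            findings.append((name, "deleted"))
            continue
        new_digest, new_mode = current[name]
        if new_digest != digest:
            findings.append((name, "modified"))
        if new_mode & ~mode & 0o077:  # bits for group/other absent from the baseline
            findings.append((name, "permissions loosened"))
    for name in current.keys() - baseline.keys():
        findings.append((name, "added"))
    return sorted(findings)

def demo():
    """Build constructed sample files, take a baseline, tamper, and compare."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"payroll.csv": b"alice,1000\n", "notes.txt": b"draft\n",
                   "accounts.db": b"admin\n"}
        for name, data in samples.items():
            path = Path(root, name)
            path.write_bytes(data)
            path.chmod(0o600)  # owner-only access at baseline
        baseline = snapshot(root)
        Path(root, "payroll.csv").chmod(0o644)           # now readable by everyone
        Path(root, "notes.txt").write_bytes(b"tampered\n")
        Path(root, "accounts.db").unlink()
        Path(root, "new.txt").write_bytes(b"x")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{finding}: {name}")
```

The baseline is only trustworthy if it is stored where the monitored accounts cannot rewrite it, for example on read-only media or a separate host.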
The final part of the CIA Triad is availability. This means the availability of data across a network, including systems and files, and the right authentication mechanisms that allow the right individuals to have access to the data. Managing availability can include a variety of tools, including firewalls, antivirus programs, failover redundancy systems, disaster recovery capabilities and others. While understanding the CIA Triad is crucial to protecting and managing information, there is no one-size-fits-all solution for every system. To determine whether there are weaknesses in your system or changes that need to be made, you will need to carefully assess every aspect of your data and how you intend to share and manage it.