In IT security you will come across many references to the CIA Triad. The name comes from three words: Confidentiality, Integrity and Availability. But how does it affect the everyday internet user or the multi-level enterprise?
What does it mean?
Confidentiality is the principle of security that determines who has access to specific information by evaluating the impact it would have if it were to land in the wrong hands.
If only the people who are allowed to access their required data can do so, then everyone else is denied; being strict about data access control can therefore be a business saver, or even a life saver.
Training people in how to handle sensitive information is also necessary, along with proper data-control rules and strong passwords.
Examples of confidentiality practices are:
- Unique and Strong Passwords
- Social Engineering training
- Two-Factor Authentication
- Biometric verification and access control
- Security tokens
- Digital Certificates
- User IDs or usernames instead of email addresses and ID numbers
- Reducing locations of sensitive data storage
How trustworthy is your data? Integrity ensures that the data is accurate, consistent and trustworthy. Trusting your data is important, and that trust should be maintained over the data's whole lifetime. Sensitive data should be kept unaltered in transit, and security measures should be in place to handle access controls and file permissions so that only authorized users may alter the files or data.
Proper backups and redundancy, along with version control, should be in place to guarantee the accuracy of the data in the event that unintentional changes to the data occur. In some cases server crashes or glitches can cause data integrity to fail, and therefore proper measures should be in place to ensure that this does not happen or that the data can at least be recovered. This preparation also helps against malicious altering of data.
Examples of Integrity preparations:
- Backup and redundancy systems
- Version Control
- Cryptographic Checksums
- File and data access control
- Real-time Report and Monitoring
- Centralized Access and Management
- Error-Correcting Memory
- Clustering File Systems
- Parity Checks
- Message Authentication
- Data Entry Auditing
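The two cryptographic items in the list above, Cryptographic Checksums and Message Authentication, as an added example (not code from the original article): a plain SHA-256 checksum catches accidental corruption, while an HMAC with a shared key also catches changes made by anyone who does not hold the key. The record contents and the key are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample record and shared key for demonstration only.
# In practice the key is provisioned securely to sender and receiver.
RECORD = b"account=1234;balance=1000.00"
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def checksum(data: bytes) -> str:
    """Plain cryptographic checksum: detects accidental corruption (bit rot, bad copies)."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(checksum(data), expected)


def mac(data: bytes, key: bytes) -> str:
    """Message authentication code: detects modification by anyone without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(data, key), expected)


def integrity_report(original: bytes, received: bytes, key: bytes) -> dict:
    """Check a received record against the checksum and MAC recorded for the original.

    Also shows why a checksum shipped next to the data is not enough on its own:
    whoever changed the data can recompute it, so it only proves consistency
    with itself, not that the data is the data the sender authorized.
    """
    stored_sum = checksum(original)
    stored_tag = mac(original, key)
    return {
        "checksum_ok": verify_checksum(received, stored_sum),
        "mac_ok": verify_mac(received, key, stored_tag),
        "recomputed_checksum_ok": verify_checksum(received, checksum(received)),
    }


if __name__ == "__main__":
    print(integrity_report(RECORD, RECORD, SHARED_KEY))
    print(integrity_report(RECORD, b"account=1234;balance=9000.00", SHARED_KEY))
```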
You would like to have access to your data at any time, and this is where availability comes in. The people who are allowed to access the data should be able to do so whenever they need it. Ensure that the software and hardware in your systems provide the necessary availability of the required data.
If more data transfers are happening than the network or system allows, there may be congestion which slows down the data transfers or brings them to a complete halt. This can be prevented by upgrading the hardware or by prioritising the important traffic.
In many cases downtime is a big financial and time loss, which in most cases could have been avoided by having proper availability solutions in place.
Examples of Availability options:
- Off-site Backups
- RAID/Redundant Storage
- Failover or Additional Connections
- Quality of Service or Traffic prioritization
- Fail-over Clustering
- Bandwidth Control
- Process Utilization monitoring
- Backup Generators, UPSs or Additional Power Sources
- Load-balancing Hardware and Software
By applying the CIA Triad you will be able to prepare your systems for worst-case scenarios and ensure that you have a properly working environment.