CIA stands for confidentiality, integrity, and availability. It is a model designed to guide efforts and policies for information security within an organization. The CIA triad is also known as the AIC triad (availability, integrity, and confidentiality). It is a broadly used information security model. The three principles are as follows.
- Only authorized users should be able to access or modify the data.
- Confidentiality measures are designed to prevent sensitive information from reaching the wrong people, while ensuring that authorized people can access it.
- Data can generally be categorized according to the amount and kind of damage its exposure could cause. More or less strict procedures can then be implemented according to the categorization.
- Safeguarding data confidentiality sometimes involves special training (conducted through methods such as telephone or video conversations) for people who handle sensitive documents.
- This training may include password-related best practices that help users create strong passwords.
- It also helps prevent users from bending data-handling rules with good intentions.
The best examples of procedures/methods used to ensure confidentiality are:
- User IDs and Passwords
- Routing Number/Account Number during online banking
- Data Encryption
- Biometric Verification
- Security Tokens
- Key Fobs or Soft Tokens
Integrity means that data cannot be altered by an unauthorized user. It involves maintaining the accuracy, consistency, and trustworthiness of data.
Data can also change as a result of non-human events such as an EMP (electromagnetic pulse) or a server crash. Checksums, including cryptographic checksums, are sometimes used to verify integrity. When such a change occurs, backups must be available to repair or restore the affected data to its approved or correct state.
No one should be able to modify the data, either unintentionally or intentionally, as data should be maintained in an approved or exact state.
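The checksum-and-backup idea above can be shown in code. The following Python sketch is an added example, not part of the original article: it records a keyed SHA-256 checksum (HMAC) for each file, detects an altered and a lost file, and restores them only from backup copies that still match the recorded checksum. The key, file names, and contents are constructed for the demonstration.

```python
import hashlib, hmac, shutil, tempfile
from pathlib import Path

KEY = b"constructed-demo-key"  # assumption: a real key is stored apart from the data

def checksum(path):
    """Cryptographic checksum: HMAC-SHA256 over the file, read in chunks."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def build_manifest(root):
    """Record the approved state: file name -> checksum."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): checksum(p) for p in files}

def verify(root, manifest):
    """Return the names that are missing or no longer match the manifest."""
    return [name for name, want in manifest.items()
            if not (root / name).is_file()
            or not hmac.compare_digest(checksum(root / name), want)]

def restore(root, backup, manifest, names):
    """Copy a file back only if the backup copy itself still verifies."""
    restored = []
    for name in names:
        src = backup / name
        if src.is_file() and hmac.compare_digest(checksum(src), manifest[name]):
            shutil.copy2(src, root / name)
            restored.append(name)
    return restored

def demo():
    """Constructed scenario: one file altered, one file lost, both restored."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "ledger.csv").write_text("acct,balance\n1001,250.00\n")
        (live / "rates.txt").write_text("base=4.5\n")
        manifest = build_manifest(live)      # approved state
        shutil.copytree(live, backup)        # backup taken in that state
        (live / "ledger.csv").write_text("acct,balance\n1001,950.00\n")  # alteration
        (live / "rates.txt").unlink()        # loss, e.g. after a crash
        damaged = verify(live, manifest)
        restored = restore(live, backup, manifest, damaged)
        return {"damaged": damaged, "restored": restored, "after": verify(live, manifest)}

if __name__ == "__main__":
    print(demo())
```

A plain SHA-256 digest detects accidental corruption; the keyed variant also resists someone who can rewrite both the data and an unkeyed checksum stored next to it.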
Authorized persons or users should be able to access data whenever they need to. Availability is a guarantee of reliable access to the information or data by authorized users. Availability involves:
- Maintaining all hardware on time
- Immediately performing hardware repairs
- Upgrading all necessary hardware systems
- Providing adequate communication bandwidth
- Fast and adaptive disaster recovery, which is essential
- Existence of a DRP (Disaster Recovery Plan)
Importance of CIA triad
To understand the importance of the CIA triad, let us consider the example of a bank ATM. An ATM follows all three principles of the CIA (Confidentiality, Integrity, and Availability) triad.
Before providing access to your data, the ATM provides confidentiality by requiring both a physical plastic card and a PIN code. This is known as “two-factor authentication”.
Data integrity is enforced by the bank software and the ATM, which ensure that any transaction made via the ATM is reflected in the accounting for the user’s bank account.
Availability is provided by the ATM because it is situated in a public place and is accessible even when the bank branch is closed.
Challenges for the CIA triad
‘Big Data’ poses extra challenges to the CIA model. The huge volume of information, from multiple sources and in a variety of formats, needs to be safeguarded. Disaster recovery plans and duplicate data sets can lead to high costs. Because the main concern of big data is collecting and making useful interpretations of all this information, responsible data oversight is often lacking.
In this article, we have discussed confidentiality, integrity and availability. I hope you liked the CIA principles in information security. If you have any doubts, feel free to ask me in the comment box.