CIA – Confidentiality Integrity Availability

CIA triad is simple but widely applicable security model which is designed to guide policies and procedures for information security. It stands for Confidentiality, Integrity, and Availability.

Confidentiality

It is the ability to protect information from unauthorized access. So, when it comes to security it is the most common aspect of CIA. Data can be available in two types:

1. In-transit data – information which actively moving through the network like emails, messages, chats etc.
2. Data at rest – information/data store at storage devices like hard drive, flash drive, laptop, or any other storage device.

Most often, confidentiality is attacked. Cryptography and Encryption are the methods to ensure confidentiality of data is not compromised.

Integrity

It is the ability to ensure that data is accurate and protected from being modified by unauthorized access. Modification of the data before sending it to the intended receiver is the most common type of attack to the integrity of confidential data.

Access control system(s) is the way to maintain the integrity of the data.

For example: HR(Human Resource) department of the company maintains the employee records like details, education, and work experience. Only HR team has the authorization to modify the data by access control systems like bio-metric machines, separate user accounts for HR team, the principle of least privilege etc.

Availability

It ensures that the information is readily available to the authorized users all the time.

Most common security attack to availability is “Denial of Service attack” which is also called “DoS attack”. In DoS attack, information assets are kept unavailable to the authorized user’s access.  In case of websites, cloud-based applications, and servers DoS is very common and can be prevented by good coding practices.

By security breach to availability of confidential data, a rivalry may become popular by making your services down temporarily or permanently.