The CIA Triad is a model for analyzing information security using three major components: Confidentiality, Integrity and Availability. The CIA Triad is essentially a basic map for framing discussion on how threats may undermine our three key principles and what measures we can take to protect them.
Access must be restricted to those authorized to view the data in question.
It is common, as well, for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands. More or less stringent measures can then be implemented according to those categories.
Sometimes safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically cover the security risks that could threaten this information. Training can help familiarize authorized people with the risk factors and how to guard against them.
A good example of methods used to ensure confidentiality is an account number or routing number when banking online. Data encryption is a common method of ensuring confidentiality.
User IDs and passwords constitute a standard procedure; two-factor authentication is becoming the norm. Other options include biometric verification and security tokens, key fobs or soft tokens.
In addition, users can take precautions to minimize the number of places where the information appears and the number of times it is actually transmitted to complete a required transaction. Extra measures might be taken in the case of extremely sensitive documents, precautions such as storing only on computers disconnected from any network, on disconnected storage devices or, for highly sensitive information, in hard copy form only.
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash.
Some data might include checksums, even cryptographic checksums, for verification of integrity.
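The following is an added example, not code from the original page, showing the difference between a plain cryptographic checksum and a keyed one when verifying integrity. The record, the key and the bit-flip are all constructed for the demonstration (a real key would come from a secrets store, never from source code). A SHA-256 checksum catches the accidental corruption described above, but because anyone can recompute it, it cannot by itself tell a deliberate edit from the original; an HMAC stored alongside the data does, since recomputing it requires the key.

```python
import hashlib
import hmac

# Constructed demo key: in a real system it comes from a KMS or secrets
# store and is generated with secrets.token_bytes(), never hard-coded.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed sample record, standing in for a file or database row.
RECORD = b"account=12345678;routing=021000021;amount=100.00"


def checksum(data: bytes) -> str:
    """Plain cryptographic checksum (SHA-256): anyone can compute it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Detects accidental corruption; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(checksum(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(key, data), expected)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate non-malicious corruption (a faulty disk or memory error)."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]


def integrity_demo() -> dict:
    """Run the checks and return which ones pass, so the outcome is inspectable."""
    stored_checksum = checksum(RECORD)
    stored_mac = mac(DEMO_KEY, RECORD)

    corrupted = flip_bit(RECORD, 20)                   # one bit changed by accident
    tampered = RECORD.replace(b"100.00", b"900.00")    # deliberate edit

    return {
        # Untouched data passes both checks.
        "original_checksum_ok": verify_checksum(RECORD, stored_checksum),
        "original_mac_ok": verify_mac(DEMO_KEY, RECORD, stored_mac),
        # A plain checksum catches accidental corruption ...
        "corrupted_checksum_ok": verify_checksum(corrupted, stored_checksum),
        # ... but if the stored checksum is rewritten together with the data,
        # the edited record verifies: there is nothing secret in a checksum.
        "tampered_recomputed_checksum_ok": verify_checksum(tampered, checksum(tampered)),
        # An HMAC stored with the data fails on the edited record ...
        "tampered_mac_ok": verify_mac(DEMO_KEY, tampered, stored_mac),
        # ... and cannot be recomputed correctly without the key.
        "tampered_mac_without_key_ok": verify_mac(DEMO_KEY, tampered, mac(b"wrong-key", tampered)),
    }


if __name__ == "__main__":
    for check, ok in integrity_demo().items():
        print(f"{check:36s} {ok}")
```

The practical consequence: a checksum stored next to the data it protects is a detection control for faults, not for adversaries. To cover the tampering case, either keep the key for a MAC out of the attacker's reach or store the plain checksums somewhere the data's writer cannot modify (a separate, access-controlled log).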
Backups or redundancies must be available to restore the affected data to its correct state. Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts.
Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important. Redundancy, failover, RAID, even high-availability clusters can mitigate serious consequences when hardware issues do occur.
Fast and adaptive disaster recovery is essential for the worst-case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan (DRP).
Safeguards against data loss or interruptions in connections must include unpredictable events such as natural disasters and fire.
To prevent data loss from such occurrences, a backup copy may be stored in a geographically-isolated location, perhaps even in a fireproof, waterproof safe.
Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network intrusions.
Special challenges for the CIA triad: The CIA (Confidentiality, Integrity, and Availability) triad of information security is a benchmark model used to evaluate the information security of an organization.
Introduction. Information security means protecting information (data) and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Information security management is a process of defining the security controls in order to protect the information assets.
Security Program. The first action of a management program to implement information. Data needs to be complete and trustworthy, and also accessible on demand, but only to the right people.
The CIA triad defines three principles—confidentiality, integrity, and availability—that help you focus on the right security priorities.
Collectively referred to as the CIA triad or CIA security model, each attribute represents a fundamental objective of information security. The Federal Information Security Management Act (FISMA) defines the relation between information security and the CIA triad as follows.