Confidentiality, Integrity and Availability are together known as the CIA triad.
It is a model that guides an organization in designing its security policies.
These three principles are what exploits and attacks of varying degrees most often compromise.
Confidentiality
Confidentiality is the set of measures undertaken to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.
If we are a bank and our user wants to access his account via the bank's website, how can we provide confidentiality for his data?
The answer is via a user name and password; he has to keep the password private so that his data remains confidential.
Other confidentiality options include data encryption, sending an OTP, biometric verification or use of RSA tokens.
Integrity
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data.
Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people.
Use of a checksum is a prime example of an integrity check.
A certain value, "ADG45SD78L", is calculated by applying some algorithm to the file and is then sent to the recipient along with the file.
On receiving the file, the recipient runs the same algorithm again and compares the output with the sender's "ADG45SD78L" to verify the integrity of the file.
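The checksum exchange described above, as an added example that is not from the original post. It assumes SHA-256 as the algorithm and goes one step beyond the text: a checksum that travels with the file can be recomputed by whoever alters the file, so it also shows a keyed HMAC, with a key assumed to be shared out of band. The sample messages and key are constructed.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Sender side: SHA-256 digest of the file contents, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Recipient side: recompute the digest and compare with the one received."""
    return hmac.compare_digest(checksum(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """Keyed variant (HMAC-SHA256): only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def demo() -> dict:
    # Constructed sample data, not taken from the post.
    original = b"transfer 100 to account 12345\n"
    altered = b"transfer 900 to account 99999\n"
    key = b"constructed-demo-key-shared-out-of-band"

    sent_sum = checksum(original)
    sent_tag = tag(original, key)
    return {
        # File arrives unchanged: the checksum matches.
        "intact": verify_checksum(original, sent_sum),
        # File changed in transit, checksum untouched: mismatch is detected.
        "altered_file": verify_checksum(altered, sent_sum),
        # File AND checksum replaced together: a plain checksum cannot tell.
        "altered_file_and_checksum": verify_checksum(altered, checksum(altered)),
        # Same replacement against HMAC fails without the shared key.
        "altered_file_forged_tag": verify_tag(altered, key, tag(altered, b"guess")),
        "intact_tag": verify_tag(original, key, sent_tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28s} verified={ok}")
```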
Availability
The concept of availability is to make sure that the services of an organization are available.
The data is always available to legitimate users and not blocked by any means.
It may happen that we provided confidentiality and maintained integrity, but the data itself is not available.
For example, our server may come under a DDoS attack.
DDoS is a sophisticated attack where attackers attack as a group, resulting in full utilization of the resources.
In such cases, if a legitimate user tries to access the server, he will be shown that the server is down.
We have to take all the necessary actions to make sure the resource or data which we are sharing is always available.
Thank you, friends, for reading this blog post describing the CIA triad.
Now let's continue our journey and meet in the upcoming blog post.