CIA Triad: Cybersecurity Fundamentals
The Foundation of Cybersecurity
The CIA Triad represents the three fundamental principles of cybersecurity that form the foundation of any security program. These principles guide how we protect information and systems.
Confidentiality ensures that there is no unauthorized access to information that occurs for a stored database. It's about keeping sensitive information private and accessible only to those who should have access.
Confidentiality Methods:
- File Permissions: Controlling who can read, write, or execute files
- Identification and Authentication: Verifying user identity
- Access Control Lists (ACLs): Defining specific permissions for users and groups
- Encryption: Converting data into unreadable format for unauthorized users
Integrity is the guarding and protection against unauthorized modification and/or destruction of confidential information. It ensures that data remains accurate, complete, and unaltered.
Integrity Methods:
- Authorization and Authentication: Ensuring only authorized users can modify data
- Encryption: Protecting data from tampering during transmission
- File Hash Verification: Using checksums to detect changes
- Digital Signatures: Verifying data authenticity and integrity
Availability is the process of ensuring timely access and ability to use stored information. Systems and data must be accessible when needed by authorized users.
Availability Methods:
- Backup Data: Regular data backups to prevent loss
- Backup Power: Uninterruptible power supplies and generators
- Fault Tolerant Systems: Redundant systems that continue operating despite failures
- Load Balancing: Distributing workload across multiple systems