The CIA triad is a well-known model in information security development. It is applied to various situations to identify problems and weaknesses and to establish security solutions.
This model is also referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The triad consists of three elements: confidentiality, integrity and availability.
Elements of the CIA triad
Confidentiality
Confidentiality ensures that information is accessible only to those who are authorized to have access. This includes individuals, processes or devices. In today's world, information has great value. Everyone has information they want to keep secret, such as personal information, credit card numbers, trade secrets, government documents and bank account statements. Protecting such information is a major part of information security.
Cryptography and encryption are examples of methods used to ensure the confidentiality of data transferred from one computer to another. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Encryption is the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. These two methods contribute a lot to maintaining confidentiality in an organization.
Integrity
Integrity safeguards the accuracy and completeness of information and processing methods. In the CIA triad, integrity is maintained when the information remains unchanged during storage, transmission, and usage not involving modification to the information. Integrity relates to information security because accurate and consistent information is a result of proper protection.
Database security professionals employ a number of practices to assure data integrity, including:
- Data encryption, which locks data by cipher
- Data backup, which stores a copy of data in an alternate location
- Access controls, including assignment of read/write privileges
- Input validation, to prevent incorrect data entry
- Data validation, to certify uncorrupted transmission
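The last item in the list, validating that data arrived uncorrupted, can be illustrated with a short added example (not part of the original post). It compares a plain SHA-256 checksum with a keyed HMAC over the same record; the function names, the shared key and the sample record are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def sha256_digest(data: bytes) -> str:
    """Unkeyed checksum: detects accidental corruption only."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256 tag: only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def receive(key: bytes, data: bytes, digest: str, tag: str) -> dict:
    """Receiver-side validation of a record against both values."""
    return {
        "checksum_ok": hmac.compare_digest(sha256_digest(data), digest),
        "hmac_ok": hmac.compare_digest(make_tag(key, data), tag),
    }


def demo():
    key = secrets.token_bytes(32)            # assumed pre-shared secret
    record = b"account=1001;balance=250.00"  # constructed sample record
    digest, tag = sha256_digest(record), make_tag(key, record)

    # Case 1: record arrives unchanged, so both checks pass.
    intact = receive(key, record, digest, tag)

    # Case 2: a single bit flips in transit, so both checks fail.
    corrupted = bytes([record[0] ^ 0x01]) + record[1:]
    accidental = receive(key, corrupted, digest, tag)

    # Case 3: the record is changed and the plain checksum is recomputed
    # by a party that does not hold the key. The checksum matches the
    # altered data, but the HMAC tag no longer verifies.
    altered = b"account=1001;balance=950.00"
    recomputed = receive(key, altered, sha256_digest(altered), tag)

    return intact, accidental, recomputed


if __name__ == "__main__":
    for name, result in zip(("intact", "accidental", "recomputed"), demo()):
        print(name, result)
```

A checksum that travels with the data only guards against accidental corruption; validation that must also hold against deliberate modification needs a keyed tag or a digital signature.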
Availability
The last element in the CIA triad is the availability of your data. It ensures that authorized users have access to information and associated assets when required. It means that the resources are available at a rate which is fast enough for the wider system to perform its task as intended.
Almost every week you can find news about high-profile websites being taken down by DDoS attacks. The primary aim of a DDoS attack is to deny users of the website access to its resources. Such downtime can be very costly. Other factors that could lead to a loss of availability of important information include accidents such as power outages and natural disasters such as floods.
But how can one ensure data availability? The answer is backup. Regular off-site backups can limit the harm caused by damage to hard drives or by natural disasters. For information services that are highly critical, redundancy might be appropriate. Having an off-site location ready to restore services will heavily reduce downtime if anything happens to your primary data centers.
Conclusion
It can be concluded that fulfilling the CIA principles and meeting the goals of information security is not a goal with a clear end, but an open one that continually changes over time and with changes in technology. The CIA triad guides information security efforts to ensure success. Thus, the CIA triad requires that organizations and individual users always take care to maintain the confidentiality, integrity and availability of information.