What is the CIA Triad? CIA Triad in Cyber Security
“DATA” is new GOLD for 21st century
When we heard CIA Triad for the first time most of us think CIA Triad stands for “Central Intelligence Agency” which is an independent U.S. government agency.
But actually CIA Triad stands for
CIA — Confidentiality, Integrity and Availability.
The CIA triad is well-known Information Security model which is designed to guide policies for information security within an organization. Let’s understand CIA one-by-one.
Confidentiality
In simple words we can say
“ Information/data should be visible to only authorized individual/group.”
When we send any data over the network. That data should be accessed by the only authorized user.
Consider a Example of OTP. when we do any banking transaction we receive OTP from banking website. That OTP should not be shared to anyone else you might end up losing some amount. So here OTP is information that is only intended to you and it should not be shared to any other person. “Just imagine you are doing banking transaction and yout OTP comes to your friends mobile” HAHAHA.
Confidentiality assures you that Information/Data can be accessed by the only authorized users/group.
Sometimes attackers try to intercept data from network. To avoid this we can use Encryption.
Integrity
In simple words we can say
“Data should not be Altered”
Data should not be Altered or modify by anyone while data in transit mode ( move through network). It is design to protect data from deletion or modification from unauthorized person/group.
Let’s see one scenario,
Person A wants to send “HI” message to Person B. So person A type “Hi” message and sends to person B. Now this message is travel through network and reaches to person B. Now Person B receive message “Hi”. Here original message is not Altered.
Consider if Person A sends “HI” and Person B receives “Hello” at that time we can say Integrity of message is lost. To avoid this we can use HASH Technique.
With help of Hashing technique we can assure Integrity of Data.
Availability
In simple words
Authorized users can access data whenever they want to.
Availability is last component of the CIA triad and refers to actual availability of data and services whenever users need it. Availability measures are necessarily to protect uninterrupted access to the system. Some of the potentials risks to availability are natural disasters, hardware failures, network outage, unscheduled maintenance.Other malicious attacks can include threat actors trying to DDOS the service. This makes services unavailable to the legitimate users. availability of the services and data are one of the top priority of business, because even small downtime can lead to huge losses in revenue, reputation and customer dissatisfaction. There are various methods to ensure availability these include incident response team, keeping regular backups, redundant servers in various physical location.
The main purpose of cyber security is to ensure Confidentiality, Integrity, and Availability (CIA) of data.
