Confidentiality, Integrity, Availability
✅ What is the CIA Triad?
The CIA Triad is a security model that guides organizations in securing their data and systems. It represents three core principles that ensure information security:
Confidentiality: ensuring that data is accessible only to authorized people. Goal: prevent unauthorized access.
Integrity: ensuring that data is accurate, consistent, and unaltered. Goal: prevent unauthorized modification.
Availability: ensuring that data and systems are accessible when needed. Goal: ensure timely access for users.
🔑 1. Confidentiality
Confidentiality focuses on protecting sensitive data from unauthorized access and disclosure. It ensures that only the right people can access specific information.
✅ Techniques to Ensure Confidentiality:
Encryption (e.g., SSL/TLS for web traffic)
Authentication (username/password, MFA)
Access Control (role-based access, permissions)
Data masking (hiding sensitive parts of data)
VPN (Virtual Private Network)
🔐 Example:
Personal data such as credit card numbers, medical records, or business secrets is encrypted and accessible only to authorized individuals.
🔑 2. Integrity
Integrity means ensuring that data is correct, complete, and has not been tampered with. It protects data from unauthorized modification or deletion.
✅ Techniques to Ensure Integrity:
Hash functions (e.g., SHA-256 for file verification)
Checksums and digital signatures
Version control systems
Data validation and error checking
Audit logs for tracking changes
🛡️ Example:
When a bank transaction is transmitted, integrity controls ensure that the amount is not altered in transit.
File integrity checks detect malware or corruption.
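The bank-transaction case above, as an added example that is not part of the original page: it shows why a plain SHA-256 hash sent alongside the message cannot detect deliberate tampering (whoever changes the amount can recompute the hash), while a keyed HMAC over the same message can. The transaction, the shared key and the tag format are constructed for this example; a real deployment would use a properly provisioned key or a digital signature.

```python
import hashlib
import hmac
import json

# Constructed sample transaction (not real account data).
TRANSACTION = {"from": "ACC-1001", "to": "ACC-2002", "amount": "250.00", "currency": "EUR"}

# Hypothetical secret shared by sender and receiver (assumption for this example).
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def canonical(tx: dict) -> bytes:
    """Serialize deterministically so both sides hash exactly the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sha256_digest(tx: dict) -> str:
    """Unkeyed hash: detects accidental corruption, not deliberate modification."""
    return hashlib.sha256(canonical(tx)).hexdigest()


def hmac_tag(tx: dict, key: bytes) -> str:
    """Keyed MAC: only a holder of the key can produce a valid tag."""
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def verify_hmac(tx: dict, tag: str, key: bytes) -> bool:
    """Constant-time comparison so the check does not leak the tag via timing."""
    return hmac.compare_digest(hmac_tag(tx, key), tag)


def tamper_check() -> dict:
    """Simulate an in-transit change of the amount and show what each check detects."""
    sent_tag = hmac_tag(TRANSACTION, SHARED_KEY)
    altered = dict(TRANSACTION, amount="2500.00")

    # Whoever altered the message can also replace the unkeyed hash with a fresh one,
    # so a receiver comparing hash(message) against the received hash sees no problem.
    forged_hash = sha256_digest(altered)
    hash_check_fooled = sha256_digest(altered) == forged_hash

    return {
        "original_verifies": verify_hmac(TRANSACTION, sent_tag, SHARED_KEY),
        "altered_verifies": verify_hmac(altered, sent_tag, SHARED_KEY),  # tag no longer matches
        "unkeyed_hash_fooled": hash_check_fooled,
    }
```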
🔑 3. Availability
Availability ensures that authorized users can access data and systems when needed. It prevents disruptions that would make information or services unavailable.
✅ Techniques to Ensure Availability:
Redundant systems and backups (e.g., data replication)
Failover and disaster recovery plans
DDoS protection and traffic filtering
System maintenance and monitoring
Power backups (e.g., UPS)
💡 Example:
An e-commerce website must be available 24/7 so customers can shop anytime.
Bank ATMs must be operational for cash withdrawals at all times.
🎯 Summary Table of CIA Triad:
Confidentiality: prevent unauthorized access. Techniques: passwords, encryption, MFA.
Integrity: prevent unauthorized changes or corruption. Techniques: hashing, checksums, digital signatures.
Availability: ensure data/systems are accessible. Techniques: backups, DDoS protection, redundancy.
✅ Simple Real-life Scenario Applying CIA Triad:
Imagine online banking:
Confidentiality: Only you can see your bank account info (protected via login + 2FA).
Integrity: Your account balance cannot be altered by anyone unauthorized (verified transactions).
Availability: You can access your account anytime (the bank ensures the site stays online).