CIA Triad
- 18 / Nov / 2020
- By: Sarath G
- Comments: 2
This name will be familiar to information security professionals, researchers and developers. When someone hears “CIA Triad”, they may think “Oh! It is very complicated, it is very technical.” (I have heard the same from some developers.) So I wish to break down the complexity of the CIA Triad. Let’s make it more simple… :-)
What is the use of CIA Triad?
The CIA triad is mainly used to create information security policy.
C I A
You have heard of the CIA, right? In some movies you have heard this name: “Central Investigation Agency” …… ;-)
But here, in the information security world, CIA stands for three important parts of data security. Those are:
C - Confidentiality
I - Integrity
A - Availability
Let’s explore each of them,
CONFIDENTIALITY
It is a crucial part of our current world (the digital world). All of you know that in the current scenario we can’t live without the internet, which means that a huge amount of data is flowing through the internet. What does that mean? Can someone intrude into your privacy? The answer is YES; we call them HACKERS… This is where confidentiality has its role. Confidentiality mainly deals with the authorization to get access to the data. As I mentioned above, the CIA Triad is used to create information security policies for an organization. An organization may hold users’ details such as name, e-mail address, contact number, etc., which are collectively known as sensitive information. To keep sensitive information confidential, the organization uses encryption techniques. Confidentiality of the data thus depends on a defined level of access to the information: the organization needs to calculate the impact of the loss or damage that a confidentiality breach would cause to the organization or to the user.
To explain the same, let us use our everyday partner, “WhatsApp”. As a WhatsApp user you may have noticed this sentence:
“ Messages to this chat are now secured with end-to-end encryption ”
As you can see in figure 1.1, only two persons have access to that particular data (level of access to the information), and your communication is confidential (third parties are not allowed to see your chats, including WhatsApp servers).
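To make the “only two persons have the key” idea concrete, here is an added example (not from the article, and not how WhatsApp is implemented). Alice and Bob are assumed participant names, RelayServer is an assumed stand-in for the messaging server, and the cipher is a toy built from the standard library (a SHA-256 keystream XORed with the message) so it runs anywhere; a real messenger uses a vetted cipher such as AES-GCM. The point it shows is that the relay stores and forwards ciphertext but, holding no key, cannot read the chat.

```python
import hashlib
import secrets

# Added example: toy end-to-end encryption. Keystream block i = SHA-256(key || nonce || i).
# This is for illustration of "who can read the data", not a production cipher.

BLOCK = hashlib.sha256().digest_size  # 32 bytes per keystream block
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from the shared key and a per-message nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext. A fresh nonce per message keeps keystreams distinct."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Recover the plaintext; only a holder of `key` can do this."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


class RelayServer:
    """Assumed model of the messaging server: it stores what it is given and holds no key."""

    def __init__(self) -> None:
        self.mailbox: list[bytes] = []

    def deliver(self, blob: bytes) -> None:
        self.mailbox.append(blob)

    def snoop(self) -> list[bytes]:
        # Everything an insider at the server (or a breach of it) could see.
        return list(self.mailbox)


def demo() -> dict:
    """Alice sends Bob a message through the relay; report who can read it."""
    shared_key = secrets.token_bytes(32)  # known only to Alice and Bob (constructed)
    server = RelayServer()
    message = b"Meet at 6"  # constructed sample message
    server.deliver(encrypt(shared_key, message))
    stored = server.snoop()[0]
    return {
        "server_sees_plaintext": message in stored,          # False: only ciphertext is stored
        "recipient_reads": decrypt(shared_key, stored) == message,  # True: Bob holds the key
    }


if __name__ == "__main__":
    print(demo())
```

The "level of access" from the article maps directly onto who holds `shared_key`: adding a third reader means giving them the key, and the server is outside that set by construction.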
Integrity
Integrity of data means protection of the data from being altered by unauthorized parties.
Just think about a money transaction.
You are paying ₹100 to your friend, but an attacker enters the scene and alters the amount from ₹100 to ₹10000. It will be a big loss for you, right?
As with confidentiality, we are using cryptography here; the difference is that we are using hashing, not encryption and decryption. Hashes are unique, so by comparing the original file’s hash with the received file’s hash we can find out whether the file has been altered.
We mainly use two algorithms for hashing: SHA (Secure Hash Algorithm) and MD5 (Message Digest 5). (We can discuss more about hashing and hashing algorithms in my next article.)
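The ₹100 → ₹10000 scenario carried through in code, as an added example that is not part of the article. The transaction record, the hex digests and the shared key are constructed for the demo. It first shows the article’s check (compare the sender’s hash with the hash of what arrived), then the practitioner’s caveat: if the attacker can rewrite the transaction, they can also recompute a plain hash, so the hash must be keyed (an HMAC) or signed for the check to hold. `digest_hex` accepts any `hashlib` algorithm name, so the same helper covers the SHA and MD5 families the article mentions.

```python
import hashlib
import hmac
import json

# Added example: integrity check of a payment record with a plain hash and with an HMAC.


def canonical(txn: dict) -> bytes:
    """Stable serialization so the same transaction always produces the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def digest_hex(txn: dict, algo: str = "sha256") -> str:
    """Plain hash of the transaction (algo is any hashlib name, e.g. 'sha256' or 'md5')."""
    return hashlib.new(algo, canonical(txn)).hexdigest()


def mac_hex(key: bytes, txn: dict) -> str:
    """Keyed hash (HMAC-SHA256): cannot be recomputed without `key`."""
    return hmac.new(key, canonical(txn), "sha256").hexdigest()


def verify_hash(txn: dict, expected_hex: str, algo: str = "sha256") -> bool:
    # compare_digest avoids leaking where the strings differ via timing.
    return hmac.compare_digest(digest_hex(txn, algo), expected_hex)


def verify_mac(key: bytes, txn: dict, expected_hex: str) -> bool:
    return hmac.compare_digest(mac_hex(key, txn), expected_hex)


def demo() -> dict:
    key = b"bank-and-customer-shared-secret"  # constructed; known to sender and bank only
    original = {"from": "you", "to": "friend", "amount_inr": 100}  # constructed record
    tampered = dict(original, amount_inr=10000)               # the attacker's version

    sent_hash = digest_hex(original)   # what the sender attached to the message
    sent_mac = mac_hex(key, original)

    return {
        # The article's check: the received record no longer matches the sender's hash.
        "plain_hash_detects_change": not verify_hash(tampered, sent_hash),
        # Caveat: an attacker who can edit the record can also replace the plain hash.
        "plain_hash_fooled_if_attacker_recomputes": verify_hash(tampered, digest_hex(tampered)),
        # With a key the attacker lacks, the tampered record never verifies.
        "mac_detects_change": not verify_mac(key, tampered, sent_mac),
        "mac_detects_forged_tag_without_key": not verify_mac(key, tampered, mac_hex(b"guess", tampered)),
    }


if __name__ == "__main__":
    print(demo())
```

In practice the bank side would verify the MAC (or a digital signature) before acting on the amount; the plain-hash path is kept only to show why the key matters.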
Availability
Availability ensures that a system’s authorized users have prompt and uninterrupted access to the information in the system and to the network.
Availability is the most crucial part of the CIA triad. Let’s look into it with an example:
Our state government publishes a press release for the public. For it to be effective, the information must be available to the public, so confidentiality does not matter here, and integrity has only second priority. Governments ensure that their websites and systems have minimal or insignificant downtime. Backups are also used to ensure availability of public information.
Attacks against the availability part of the CIA triad are Denial of Service (DoS) and Distributed Denial of Service (DDoS).
To mitigate this kind of attack, servers need dedicated hardware devices that guard against the downtime and data latency caused by attacks such as distributed denial-of-service (DDoS). An example of this kind of hardware is a “load balancer”.
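What a load balancer contributes to availability is redundancy plus failover: requests are spread across several backends, and a backend that stops answering is skipped so the public site stays up. The following added example (not from the article) simulates that in plain Python; Backend and LoadBalancer are assumed names, the backends are in-memory stand-ins rather than real servers, and the request strings are constructed. It shows both the normal case (one backend down, every request still served) and the exhausted case (no healthy backend left, the balancer reports the service unavailable instead of hanging).

```python
import itertools

# Added example: round-robin load balancer with health checks and failover.


class Backend:
    """In-memory stand-in for one web server behind the balancer."""

    def __init__(self, name: str, healthy: bool = True) -> None:
        self.name = name
        self.healthy = healthy
        self.served = 0

    def ping(self) -> bool:
        """Health probe: a real balancer would hit /health or open a TCP connection."""
        return self.healthy

    def handle(self, request: str) -> str:
        if not self.healthy:
            raise ConnectionError(f"{self.name} is down")
        self.served += 1
        return f"{self.name} served {request}"


class LoadBalancer:
    """Spreads requests over healthy backends; fails over when one stops responding."""

    def __init__(self, backends: list[Backend]) -> None:
        self.backends = list(backends)
        self._rotation = itertools.cycle(self.backends)

    def healthy_names(self) -> list[str]:
        """Result of probing every backend, as an operator's health dashboard would show."""
        return [b.name for b in self.backends if b.ping()]

    def route(self, request: str) -> str:
        # Try at most one full pass over the pool, starting at the round-robin position.
        for _ in range(len(self.backends)):
            backend = next(self._rotation)
            if not backend.ping():
                continue  # skipped by health check
            try:
                return backend.handle(request)
            except ConnectionError:
                backend.healthy = False  # mark it down and fail over to the next one
        # No backend could serve: surface an error rather than leaving the client hanging.
        raise RuntimeError("503 service unavailable: no healthy backend")


def demo() -> dict:
    web1, web2, web3 = Backend("web1"), Backend("web2", healthy=False), Backend("web3")
    lb = LoadBalancer([web1, web2, web3])
    served = [lb.route(f"GET /press-release/{i}") for i in range(6)]  # constructed requests
    web1.healthy = web3.healthy = False  # simulate the whole pool going down
    try:
        lb.route("GET /press-release/7")
        outage_reported = False
    except RuntimeError:
        outage_reported = True
    return {
        "requests_served_with_one_backend_down": len(served),
        "load_split": {b.name: b.served for b in (web1, web2, web3)},
        "outage_reported_when_all_down": outage_reported,
    }


if __name__ == "__main__":
    print(demo())
```

The same structure is what lets a site absorb a traffic surge: more backends behind the balancer mean more capacity, and a backend knocked over by load is removed from rotation instead of taking the whole service with it.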
CIA Triad
The figure above shows the CIA triad. All three factors of the CIA Triad are very helpful in creating secure software.