CIA of Cyber Security

Nowadays almost everyone is, in some way or another, using information technology for their day-to-day activities. However, we are unaware of and hardly bothered about the security issues associated with it. Hence I decided to provide an initial level of information security awareness to all the “CrazyEngineers”. I will add to this as and when required. Here we go…


Security stands on three pillars, known as the CIA triad.

The core components of security are:

a) C = Confidentiality
b) I = Integrity
c) A = Availability

a) Confidentiality: It is the assurance that information will not be disclosed to an unauthorized person or system. Breaches of confidentiality are caused by improper handling of information, which can happen while transferring, storing and sharing data. Confidentiality is a most essential part of any military, government, financial institution or hospital establishment.
Even private businesses need to make sure that their information remains confidential, for reasons of competition and business rivalry. Individuals who carry out transactions over the internet using bank account or credit card details also need those details to remain confidential. The best way to handle confidentiality is to restrict access to authorized entities only. Entities could include any person, application, peer node etc.


b) Integrity: It assures that information is not modified without the modification being detected. To elaborate, it is the assurance that information is not modified or altered by an inappropriate or unauthorized person, and that it is not accidentally or unintentionally modified or altered by an authorized person. Integrity can be compromised for various reasons, a few of which are corruption of data during a transaction, virus attack, a faulty medium where data is stored, improper programming practices (specifically those related to databases), wrong practices of information storage (magnetic tapes and other types of media), and logic bombs activated by disgruntled employees. Best practices include making data accessible only to authorized persons, using authorized channels, restricting access, input validation etc.

c) Availability: It means making sure that information is accessible whenever required. Even if we are able to maintain the confidentiality and integrity of information, the information is of no use if it is not available in a timely manner. Hence availability is equally important as far as the CIA triad is concerned. Availability can apply to software, hardware, communication medium, database etc. It depends on various factors such as having no single point of failure, data availability, application reliability, power supply etc. For information availability, certain factors need to be taken into consideration, like redundancy, data backup, application testing for high load, power generators, UPS systems etc. It depends on the type of application we want to make available. There is generally a service level agreement (SLA) associated with availability. There are various factors affecting hardware and devices, such as Mean Time Before Failure (MTBF) and Mean Time To Repair (MTTR), but they are out of scope for this book. Operational procedures are also one of the key factors in making sure that we have high availability.


The above factors are affected by loopholes in the system, also known as vulnerabilities. As we move forward, we will go into the details of vulnerabilities.
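
The integrity paragraph above separates accidental modification from unauthorized modification, and the two need different checks. The following is an added example, not part of the original post: it shows that an unkeyed hash catches accidental corruption but not a deliberate change by someone who can recompute it, while a keyed HMAC catches both. The record contents, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; KEY stands in for a secret held only by authorized parties.
KEY = secrets.token_bytes(32)
RECORD = b"account=1001;payee=ACME;amount=250.00"


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256: anyone who can change the data can also recompute this."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA-256: producing a valid tag requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_plain(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(data), digest)


def verify_keyed(data: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), tag)


def scenarios() -> dict:
    digest, tag = plain_digest(RECORD), keyed_tag(RECORD, KEY)

    # Accidental corruption: one bit flips in storage or transit; check values untouched.
    corrupted = bytearray(RECORD)
    corrupted[-1] ^= 0x01
    corrupted = bytes(corrupted)

    # Unauthorized modification: the record is altered and the unkeyed digest is
    # recomputed to match; without KEY the stored tag cannot be regenerated.
    tampered = RECORD.replace(b"250.00", b"950.00")
    tampered_digest = plain_digest(tampered)

    return {
        "original_plain": verify_plain(RECORD, digest),
        "original_keyed": verify_keyed(RECORD, tag, KEY),
        "corrupt_plain": verify_plain(corrupted, digest),
        "corrupt_keyed": verify_keyed(corrupted, tag, KEY),
        "tamper_plain": verify_plain(tampered, tampered_digest),  # change goes unnoticed
        "tamper_keyed": verify_keyed(tampered, tag, KEY),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:15} verified={ok}")
```

The keyed check is only as strong as the protection of the key, which ties integrity back to the access restrictions described under confidentiality.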
