Thursday, August 8, 2019

Word of the Day: confidentiality, integrity, and availability (CIA triad)

Word of the Day WhatIs.com
Daily updates on the latest technology terms | August 8, 2019
confidentiality, integrity, and availability (CIA triad)

Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security.

In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.

Confidentiality:

Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it: Access must be restricted to those authorized to view the data in question. It is common, as well, for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands. More or less stringent measures can then be implemented according to those categories.

Safeguarding confidentiality often also involves training for those who handle sensitive documents. Such training typically covers the risks that threaten this information and how to guard against them: strong passwords and password-related best practices, and awareness of social engineering methods, so that well-intentioned users are not talked into bending data-handling rules with potentially disastrous results.

A familiar case is the protection of an account number or routing number during online banking. Data encryption is a common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication is becoming the norm. Other options include biometric verification and security tokens, key fobs or soft tokens. In addition, users can take precautions to minimize the number of places where the information appears and the number of times it is actually transmitted to complete a required transaction. Extra measures might be taken in the case of extremely sensitive documents, such as storing them only on air-gapped computers or disconnected storage devices or, for the most sensitive information, in hardcopy form only.

Integrity:

Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure that it cannot be altered by unauthorized people (an attacker who has already breached confidentiality, for example). These measures include file permissions and user access controls. Version control may be used to keep erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect changes in data caused by non-human events such as an electromagnetic pulse (EMP) or server crash. Data may carry checksums for this purpose; a plain checksum catches accidental corruption, but only a cryptographic check such as a keyed message authentication code (MAC) or a digital signature will detect deliberate tampering, because an attacker who can modify the data can just as easily recompute an unkeyed checksum. Backups or redundant copies must be available to restore affected data to its correct state.
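The difference between a checksum and a cryptographic integrity check is easiest to see in code. The following is an added example, not part of the original article, that stores a constructed transaction record with three kinds of tag (CRC32, an unkeyed SHA-256 hash and an HMAC-SHA256) and runs two scenarios against them: a single flipped bit, which all three catch, and an attacker with write access who edits the record and recomputes whatever tag does not need a secret. The record, the key and the function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import zlib

# Constructed sample record standing in for a stored file or a message in transit.
RECORD = b"transfer;from=ACC-1001;to=ACC-2002;amount=100.00"

# Constructed demo key. In practice the key lives in a KMS, HSM or secrets store
# and is never kept next to the data it protects.
KEY = b"demo-integrity-key-not-for-real-use"


def crc32_tag(data: bytes) -> int:
    """Plain checksum: detects accidental corruption (bit flips, truncation)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_tag(data: bytes) -> str:
    """Unkeyed cryptographic hash: collision-resistant, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed MAC (HMAC-SHA256): only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_crc32(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so a wrong tag leaks nothing about the right one."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate non-malicious corruption (a bad sector, a noisy link) by flipping one bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def corruption_is_detected(data: bytes) -> bool:
    """A single flipped bit changes CRC32, SHA-256 and the HMAC alike."""
    corrupted = flip_bit(data, 13)
    return (not verify_crc32(corrupted, crc32_tag(data))
            and sha256_tag(corrupted) != sha256_tag(data)
            and not verify_hmac(KEY, corrupted, hmac_tag(KEY, data)))


def tamper(data: bytes) -> bytes:
    """What an attacker with write access does: edit the record to their advantage."""
    return data.replace(b"amount=100.00", b"amount=9999.00")


def unkeyed_check_is_fooled(data: bytes) -> bool:
    """The attacker overwrites both the data and its stored checksum; verification passes."""
    tampered = tamper(data)
    stored_tag = crc32_tag(tampered)      # recomputed by the attacker, no secret needed
    return verify_crc32(tampered, stored_tag)


def keyed_check_holds(data: bytes) -> bool:
    """Without KEY the attacker cannot produce a valid tag for the tampered record."""
    genuine_tag = hmac_tag(KEY, data)     # produced by the legitimate writer
    tampered = tamper(data)
    forged_tag = sha256_tag(tampered)     # the best an attacker without the key can do
    return (verify_hmac(KEY, data, genuine_tag)
            and not verify_hmac(KEY, tampered, genuine_tag)
            and not verify_hmac(KEY, tampered, forged_tag))


if __name__ == "__main__":
    print("bit flip detected by all three:", corruption_is_detected(RECORD))
    print("CRC32 fooled by tampering:", unkeyed_check_is_fooled(RECORD))
    print("HMAC still holds:", keyed_check_holds(RECORD))
```

The same reasoning applies to the unkeyed SHA-256 hash: it is fine for catching corruption in backups or download mirrors, but as a tamper check it only works if the hash itself is stored somewhere the attacker cannot write, which is exactly what the key in the HMAC (or the private key in a signature) provides.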

Availability:

Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. It's also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing bottlenecks are equally important. Redundancy, failover, RAID and even high-availability clusters can mitigate the consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst-case scenarios; that capacity relies on the existence of a comprehensive disaster recovery plan (DRP). Safeguards against data loss or interruptions in connectivity must account for unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy may be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network intrusions.

Quote of the Day

"Device security should be incorporated into any design, and IoT deployments are not exempt. The general approach is to use the CIA triad: ensure the confidentiality, integrity and availability of the technology." - Rick Vanover

Learning Center


What tactics can organizations adopt to drive cloud security practices?
In this SearchCIO Ask the Expert, Gartner research director Marco Meinardi highlights cloud security practices that CIOs can implement for effective use of public cloud services.

Now and later with IoT: What to consider regarding cost, reliability and security
While the benefits of IoT are becoming clear for many organizations, considering cost, reliability and security prior to deployment is critical. Veeam's Rick Vanover discusses.

CISO: Data integrity and confidentiality are 'pillars' of cybersecurity
In this Q&A, learn how one cybersecurity industry veteran maintains what she said are the basic, fundamental aspects of information protection: ensuring data integrity and confidentiality.

Get smart with cloud backup security through 'CIA'
IT will often wonder if backup data is safe in the cloud. Ensure cloud backup security with data confidentiality, integrity and availability.

Gartner Catalyst 2018: A future without data centers?
Advancements in cloud computing have allowed some organizations to move toward shutting down entire data centers. At the Gartner Catalyst 2018 conference in San Diego, Gartner research vice president Douglas Toombs discussed ways to determine which applications are cloud-ready.

Quiz Yourself

Today's CISO needs interpersonal skills in order to _________ others in the boardroom to support their cybersecurity vision.
A. convince
B. persuade

Answer

Stay in Touch

For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!

About This E-Newsletter
This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for.
TechTarget

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.
