1.2 CIA Triad

CIA Triad

Confidentiality, Integrity, and Availibility

Confidentiality

Prevent disclosure of information to unauthorized individuals or systems

Integrity

Messages cannot be modified without detection or disclosure, consistency

Availability

Systems and networks must be up and running

Confidentiality implementation

Encryption

Confidentiality implementation

access controls

Confidentiality implementation

two-factor authentication

Integrity implementation

Hashing

Integrity implementation

digital signature (mathematical scheme)

Integrity implementation

certificate (combine with signature)

Integrity implementation

non-repudiation (provides proof of integrity)

Availability implementation

Redundancy, building services that are always availible

Availability implementation

Fault tolerance, system has a built in failure case, can continue operation

Availability implementation

Patching, general stability and security hole addressing