CIA Triad
• Combination of principles
  – The fundamentals of security
  – Sometimes referenced as the AIC Triad
• Confidentiality
  – Prevent disclosure of information to unauthorized individuals or systems
• Integrity
  – Messages can’t be modified without detection
• Availability
  – Systems and networks must be up and running

Confidentiality
• Certain information should only be known to certain people
  – Prevent unauthorized information disclosure
• Encryption
  – Encode messages so only certain people can read them
• Access controls
  – Selectively restrict access to a resource
• Two-factor authentication
  – Additional confirmation before information is disclosed

Integrity
• Data is stored and transferred as intended
  – Any modification to the data would be identified
• Hashing
  – Map data of an arbitrary length to data of a fixed length
• Digital signatures
  – Mathematical scheme to verify the integrity of data
• Certificates
  – Combine with a digital signature to verify an individual
• Non-repudiation
  – Provides proof of integrity, can be asserted to be genuine

Availability
• Information is accessible to authorized users
  – Always at your fingertips
• Redundancy
  – Build services that will always be available
• Fault tolerance
  – System will continue to run, even when a failure occurs
• Patching
  – Stability
  – Close security holes

© 2023 Messer Studios, LLC https://ProfessorMesse