ITNSA2-33_video_01

Security Goals: The CIA Triad

Overview of the CIA Triad

  • The CIA Triad, consisting of three principles: Confidentiality, Integrity, and Availability, serves as the foundational framework of security.

  • Most security vulnerabilities arise from breaches in at least one of these components.

  • Each security control implemented by an organization must align with one or more of these principles to effectively manage risks.

Confidentiality

  • Definition: Confidentiality ensures that sensitive information is not disclosed to unauthorized parties.

  • Importance of Sensitivity Levels: Before implementing access and confidentiality measures, it is crucial to evaluate the sensitivity level of the data in question.

    • Data with a higher sensitivity level will necessitate stricter access restrictions compared to less sensitive data.

  • Methods to Maintain Confidentiality:

    • Access Control: Utilizing identification, authentication, and permissions to restrict access.

    • Encryption: Encrypting data is a well-known method that ensures confidentiality by rendering information unreadable to unauthorized users.

Integrity

  • Definition: Integrity safeguards the accuracy and completeness of data, protecting it from unauthorized alterations or corruption.

  • Goal of Data Integrity: The primary aim is to ensure consistency of data across files, databases, systems, and networks.

  • Controls Supporting Integrity:

    • Access Control Lists (ACLs): These lists specify which users or system processes have permission to access or modify data.

    • Hash Values: Hash functions produce a fixed-size digest of the data; recomputing the digest and comparing it with the stored value verifies that the data remains unchanged.
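As an added example (not part of these lecture notes), the digest check described above in Python, with a keyed HMAC beside it to show why the stored check value itself needs protection; the record, the tampered copy and the key are constructed sample values:

```python
import hashlib
import hmac

# Constructed sample record standing in for a file or database row.
ORIGINAL = b"account=1234;balance=100.00"
TAMPERED = b"account=1234;balance=900.00"
# Constructed demo key; in practice it comes from a key store, never source code.
KEY = b"constructed-demo-key"


def digest(data: bytes) -> str:
    """SHA-256 digest of data as hex: a fixed-size fingerprint of the content."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    """Integrity check: recompute the digest and compare with the stored one.
    hmac.compare_digest compares in constant time, avoiding a timing side channel."""
    return hmac.compare_digest(digest(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: a keyed digest that cannot be recomputed without the key,
    so an attacker who can alter the data cannot also forge its check value."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def demo() -> dict:
    stored_digest = digest(ORIGINAL)
    stored_tag = tag(ORIGINAL, KEY)
    # Whoever can rewrite the record can also rewrite an unkeyed digest stored
    # next to it, so a bare hash check only catches accidental corruption ...
    forged_digest = digest(TAMPERED)
    return {
        "original_ok": verify_digest(ORIGINAL, stored_digest),
        "tamper_detected": not verify_digest(TAMPERED, stored_digest),
        "forged_digest_passes": verify_digest(TAMPERED, forged_digest),
        # ... whereas the keyed tag cannot be forged without KEY.
        "tamper_detected_with_hmac": not verify_tag(TAMPERED, KEY, stored_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Every value in demo() comes out True: the unkeyed digest detects the change but can be replaced along with the data, while the HMAC still fails for the tampered record.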

Availability

  • Definition: Availability ensures that data is accessible when needed and that systems are functioning correctly.

  • Points of Impact on Availability:

    • When an attack disables or cripples a system, affecting its accessibility.

    • During and after a disaster when service may be disrupted.

  • Assessing System Importance: Each system should be evaluated based on its criticality to organizational operations, which informs the application of controls.

  • Controls to Enhance Availability:

    • Fault-Tolerant Technologies: Such as Redundant Array of Independent Disks (RAID).

    • Redundant Locations: Utilizing backup sites so that data remains available when the primary site is disrupted.

Conclusion

  • The CIA Triad is the backbone of security strategies in any organization.

  • Adhering closely to these principles is essential to developing a robust security posture.