CIA TRIAD, THREATS/VULNERABILITIES, AND CONTROLS

Overview of the CIA Triad

CIA stands for Confidentiality, Integrity, and Availability. It is presented in various formats such as a triangle, a three-legged stool, or three pillars. All three components are essential for security and are foundational in various domains of cybersecurity.

Confidentiality

Confidentiality ensures that sensitive information is disclosed only to those authorized to see it. Sensitive information includes:

  • Personally Identifiable Information (PII): Information that can identify an individual, such as name, address, social security number.

  • Healthcare information: Medical records and personal health information which must remain private to protect patient rights.

  • Trade secrets: Business information that is confidential to provide a competitive edge.

  • Intellectual property: Creations of the mind (e.g., patents, copyrights) that must be protected from unauthorized use.

Strategies to Ensure Confidentiality:

  • Encryption: Converting plaintext into ciphertext that can only be turned back into plaintext with the correct key, so that an unauthorized party who obtains the data (a stolen laptop, an intercepted connection) still cannot read it.

  • Access Control: Limiting access to data based on permissions, ensuring only authorized users can access sensitive information through methods like role-based access control (RBAC).

  • Physical Security: Protecting physical access to servers and databases (e.g., using locks, security personnel, and camera surveillance).

Example often cited: ROT13, where each letter is rotated by 13 places. Note that ROT13 has no key: applying it a second time restores the original text, so anyone can reverse it. It obscures text but provides no confidentiality. A real cipher keeps the algorithm public and the key secret, and the key must be generated randomly and protected.
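The following is an added example (not part of the original notes) that makes the ROT13 point concrete: ROT13 is undone by anyone without any secret, whereas a keyed one-time pad built from a cryptographic random source keeps the message secret as long as the key stays secret and is used once. The messages and key are constructed for the demonstration; the last function shows the classic failure mode of reusing a pad, where XORing two ciphertexts cancels the key and reveals where the plaintexts differ.

```python
import codecs
import secrets

# Constructed sample messages for this demonstration (not real transactions).
MESSAGE = b"Transfer 1000 EUR to account 4711"
OTHER_MESSAGE = b"Transfer 9999 EUR to account 0001"


def rot13(text: str) -> str:
    """ROT13 shifts every letter by 13 places. There is no key: applying the
    same function twice restores the text, so anyone can read it."""
    return codecs.encode(text, "rot_13")


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: XOR each plaintext byte with a byte of a secret key that
    is truly random, at least as long as the message, and used exactly once."""
    if len(key) < len(plaintext):
        raise ValueError("one-time-pad key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so the same routine decrypts.
otp_decrypt = otp_encrypt


def new_key(length: int) -> bytes:
    """Keys must come from a cryptographic RNG, never from random.random()."""
    return secrets.token_bytes(length)


def key_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If two messages are encrypted under the same pad, XORing the two
    ciphertexts cancels the key and yields plaintext1 XOR plaintext2. Every
    position where the plaintexts agree comes out as 0x00, so the attacker
    learns exactly which bytes differ without knowing the key."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def demo() -> dict:
    scrambled = rot13("Transfer 1000 EUR")
    key = new_key(len(MESSAGE))
    ct = otp_encrypt(MESSAGE, key)
    leak = key_reuse_leak(ct, otp_encrypt(OTHER_MESSAGE, key))
    return {
        "rot13_output": scrambled,
        "rot13_reversed_without_key": rot13(scrambled),
        "otp_roundtrip_ok": otp_decrypt(ct, key) == MESSAGE,
        # Byte positions exposed by the reused pad (the amounts and account numbers).
        "leaked_differing_positions": [i for i, b in enumerate(leak) if b],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The one-time pad is used here only because it needs nothing beyond the standard library; in practice an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a maintained library is the right choice, and the lesson carries over: reusing a nonce with those ciphers leaks in the same way that reusing a pad does.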

Integrity

Integrity refers to maintaining the accuracy and consistency of data over its entire lifecycle. It is crucial for ensuring that information remains reliable and unaltered.

Key Concepts:

  • Protecting data from unauthorized modifications that could lead to misinformation or operational failures.

  • Ensuring data remains unaltered and reliable throughout its transmission and storage.

Hashing Algorithms Help Achieve Integrity:

Common types include:

  • SHA (Secure Hash Algorithms): The SHA-2 family (e.g., SHA-256) produces a fixed-length digest from input of any size; changing even one bit of the input yields a different digest with overwhelming probability, and it is computationally infeasible to find two inputs with the same digest. This allows integrity verification. SHA-1, the earlier generation, is deprecated because practical collisions have been demonstrated.

  • MD5 (Message Digest 5): An older algorithm that generates a 128-bit digest. Collisions can be generated cheaply, so it must not be used where an attacker could substitute a file; it is only adequate for detecting accidental corruption.

Example: Verifying a download against a published checksum (e.g., SHA-256). The downloader hashes the file locally and compares the result with the digest the publisher lists; a mismatch means the file was corrupted or altered. The check is only as strong as the source of the reference digest: if it sits next to the download on the same server, an attacker who replaces the file can replace the digest too. Publishers therefore sign their checksum files or distribute the digests over a separate trusted channel.
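An added example (not from the original notes) of the checksum verification described above. The "downloaded" file and its published digest are constructed inline so the code runs offline; the verifier refuses MD5 and SHA-1, hashes in chunks the way a large file would be streamed from disk, and compares digests in constant time. The last case in demo() shows the caveat: a digest the attacker can rewrite alongside the file verifies perfectly.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded installer script.
ORIGINAL = b"#!/bin/sh\nset -e\necho 'installing tool 1.0'\n"

# The digest a publisher would list on a trusted channel (signed release notes,
# a separate HTTPS page). Computed here only so the demo is self-contained.
PUBLISHED_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()

# MD5 and SHA-1 are collision-broken: an attacker can craft two files with the
# same digest, so a match proves nothing against deliberate substitution.
ACCEPTED_ALGORITHMS = {"sha256", "sha384", "sha512"}


def file_digest(data: bytes, algo: str = "sha256", chunk_size: int = 64 * 1024) -> str:
    """Hash data in chunks, as one would stream a multi-gigabyte file."""
    if algo not in ACCEPTED_ALGORITHMS:
        raise ValueError(f"{algo} is not acceptable for integrity verification")
    h = hashlib.new(algo)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def verify_checksum(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Constant-time comparison so timing does not reveal how many leading
    characters of the expected digest were correct."""
    return hmac.compare_digest(file_digest(data, algo), expected_hex.strip().lower())


def tamper(data: bytes, offset: int) -> bytes:
    """Flip a single bit at the given offset: a change no eye would notice."""
    mutated = bytearray(data)
    mutated[offset] ^= 0x01
    return bytes(mutated)


def demo() -> dict:
    backdoored = tamper(ORIGINAL, 12)
    return {
        "original_verifies": verify_checksum(ORIGINAL, PUBLISHED_SHA256),
        "tampered_verifies": verify_checksum(backdoored, PUBLISHED_SHA256),
        # If the attacker controls the server hosting both the file and its
        # checksum, they simply publish the digest of the tampered file.
        "tampered_with_attacker_digest": verify_checksum(
            backdoored, hashlib.sha256(backdoored).hexdigest()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is why a detached signature over the checksum file (or a digest obtained out of band) matters: the hash detects modification, but only a key the attacker does not hold can bind the digest to the publisher.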

Availability

Availability ensures that information and resources are accessible to authorized users when needed, enabling business operations without interruption.

Key Points:

  • High availability requires measures like redundancy (having backup systems) and fault tolerance (the ability to continue operation even in the event of a failure).

  • Example: RAID levels with redundancy (RAID 1 mirroring, RAID 5 and RAID 6 parity) keep data readable when a drive fails (RAID 0 stripes data without redundancy and tolerates no failure), while a UPS (Uninterruptible Power Supply) keeps systems running through short power failures until generators start or a clean shutdown completes. RAID is not a backup: an accidental deletion or a ransomware encryption is written faithfully to every disk in the array.

  • Security measures must be balanced against legitimate access needs: controls that lock authorized users out of the data they need damage availability just as an outage does.
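An added example (not from the original notes) that simulates the fault tolerance the RAID bullet describes: a single-parity stripe in the style of RAID 5 stores the XOR of the data blocks as a parity block, so any one lost block, data or parity, can be rebuilt from the others. The block contents are constructed sample data. The double-failure case shows the limit of single parity, and why a degraded array must be rebuilt promptly.

```python
# Simulated single-parity (RAID 5 style) stripe. Block contents are constructed
# sample data; a real controller works on fixed-size chunks across physical drives.


def xor_blocks(blocks: list) -> bytes:
    """XOR equal-sized blocks byte by byte."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_stripe(data_blocks: list) -> list:
    """Return the stripe as stored on disk: the data blocks plus one parity block."""
    if len({len(b) for b in data_blocks}) != 1:
        raise ValueError("all blocks in a stripe must be the same size")
    return list(data_blocks) + [xor_blocks(data_blocks)]


def read_stripe(stripe: list) -> list:
    """Read the data blocks back. A failed drive is represented by None.
    One missing block (data or parity) is rebuilt by XORing the rest; a
    second failure before the rebuild completes loses the stripe."""
    missing = [i for i, block in enumerate(stripe) if block is None]
    if len(missing) > 1:
        raise RuntimeError(f"{len(missing)} drives failed; single parity tolerates only one")
    rebuilt = list(stripe)
    if missing:
        idx = missing[0]
        rebuilt[idx] = xor_blocks([b for i, b in enumerate(stripe) if i != idx])
    return rebuilt[:-1]   # the parity block is not user data


def demo() -> dict:
    data = [b"alpha-01", b"bravo-02", b"charl-03"]
    stripe = write_stripe(data)
    one_failed = stripe[:1] + [None] + stripe[2:]     # drive 1 dies
    parity_failed = stripe[:-1] + [None]              # the parity drive dies
    two_failed = [None, None] + stripe[2:]            # second failure during rebuild
    try:
        read_stripe(two_failed)
        double_fault = "recovered"
    except RuntimeError as err:
        double_fault = str(err)
    return {
        "one_drive_lost": read_stripe(one_failed) == data,
        "parity_drive_lost": read_stripe(parity_failed) == data,
        "two_drives_lost": double_fault,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the simulation does not protect against: write_stripe() on a block an attacker has overwritten produces a perfectly consistent stripe, which is the sense in which RAID preserves availability but not integrity, and is no substitute for offline backups.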

Prioritizing the CIA Triad

In cybersecurity practice, prioritization of the CIA components can vary based on the organization’s context:

  • Intelligence Agencies: prioritize confidentiality due to the sensitive nature of their work.

  • Banks: prioritize integrity due to the need for secure transactions and accurate financial records.

  • E-commerce sites: prioritize availability to ensure customer access and satisfaction.

Risk in Cybersecurity

Risk is the likelihood that a threat exploits a vulnerability, combined with the impact (loss) if it does; it is commonly expressed as likelihood × impact. There is no risk without both a threat and a vulnerability for it to act on.

Key Terminologies:

  • Threat: Any potential danger that can exploit a vulnerability (e.g., malware, insider threats).

  • Vulnerability: A weakness in a system that can be exploited by a threat.

  • Exploit: Code, a tool, or a technique that takes advantage of a specific vulnerability to achieve the threat's goal (e.g., running attacker-controlled code).

Risk management identifies assets, threats, and vulnerabilities, assesses likelihood and impact, and then treats each risk: mitigate it with controls, transfer it (e.g., insurance), avoid the risky activity, or formally accept it.

Importance of Nonrepudiation and Authenticity

  • Authenticity: Assurance that a message, file, or signature genuinely originates from the claimed source. Digital signatures provide this, as do message authentication codes (MACs) computed with a key shared between the communicating parties.

  • Nonrepudiation: The sender cannot later deny having sent a message or performed an action. This requires evidence that only the signer could have produced, which is why it depends on asymmetric digital signatures made with a private key held only by the signer. A MAC with a shared key is not enough: the verifier holds the same key and could have forged the message, so a third party cannot tell the two apart.
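An added example (not from the original notes) showing the difference between the two properties with a shared-key MAC, which is all the standard library offers. HMAC-SHA256 gives authenticity between the two parties: the receiver detects any tampering by someone without the key. It does not give nonrepudiation, and the last case demonstrates why: the receiver, holding the same key, can fabricate a message with a valid tag, so the tag cannot prove to anyone else that the sender produced it. The key and messages are constructed for the demonstration; an asymmetric signature (not shown, as it needs a third-party library) is what closes that gap.

```python
import hashlib
import hmac
import secrets

# Constructed shared key and message for the demonstration.
SHARED_KEY = secrets.token_bytes(32)
ORDER = b"order-id=8842; item=laptop; qty=3"


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message. Anyone holding key can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison; never compare MACs with ==."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    # Sender (Alice) and receiver (Bob) share SHARED_KEY.
    tag = make_tag(SHARED_KEY, ORDER)

    # Authenticity: Bob accepts the genuine message ...
    genuine_accepted = verify_tag(SHARED_KEY, ORDER, tag)

    # ... and rejects one altered in transit by someone without the key.
    altered = ORDER.replace(b"qty=3", b"qty=30")
    tampered_accepted = verify_tag(SHARED_KEY, altered, tag)

    # Nonrepudiation fails: Bob holds the same key, so he can fabricate a
    # message Alice never sent and attach a tag that verifies. A third party
    # (an auditor, a court) cannot distinguish Bob's forgery from Alice's order.
    forged = b"order-id=8843; item=laptop; qty=300"
    receiver_forgery_accepted = verify_tag(SHARED_KEY, forged, make_tag(SHARED_KEY, forged))

    return {
        "genuine_accepted": genuine_accepted,
        "tampered_accepted": tampered_accepted,
        "receiver_forgery_accepted": receiver_forgery_accepted,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```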

Control Measures in Cybersecurity

Security relies on layered controls, an approach known as Defense in Depth: if one control fails or is bypassed, another still stands in the attacker's way. Controls are grouped into:

  • Technical controls: hardware and software mechanisms such as firewalls, intrusion detection and prevention systems, encryption, and authentication.

  • Managerial controls: policies and procedures that establish a framework for security practices.

  • Operational controls: carried out by people in daily operations, such as ongoing training so employees recognize phishing and other threats, incident response procedures, and configuration management.

  • Physical controls: involve tangible security measures like security guards and surveillance cameras to protect assets.

The Zero Trust Model

Zero Trust is a security model that assumes threats could be present both inside and outside the network.

Key Principles of Zero Trust:

  • Trust nothing, verify everything: every request is authenticated and authorized on its own merits, whether it comes from inside or outside the network perimeter; being on the corporate LAN grants no trust.

  • Continuous Authentication: users and devices are verified for each access and re-verified as context changes (a new device, an expired session, a change in device health), rather than once at login.

  • Least Privilege Principle: Access is granted based on the minimum permissions necessary for a user to perform their job functions.

  • Micro-Segmentation: divide the network into small zones and enforce access controls between them, so an attacker who compromises one host cannot move laterally to everything else; this contains breaches and shrinks the attack surface.

Implementation by organizations: Google's BeyondCorp is a well-known example. It grants access to internal applications per request based on user identity and device state rather than network location, so employees can work securely from any network without a traditional VPN.
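An added example (not from the original notes, and not BeyondCorp's code) of a policy decision function that applies the four principles above to each request. The roles, resources, segments, and thresholds are constructed for a hypothetical organisation; a real deployment would fetch identity, device posture, and permissions from its identity provider and device-management service on every request. The order of checks is the point: user and device are verified before anything else, the source network grants no trust by itself, a role must explicitly grant the (resource, action) pair, and segmentation limits which paths exist at all. Requires Python 3.9 or newer.

```python
from dataclasses import dataclass

# Constructed policy data for a hypothetical organisation.
MFA_MAX_AGE_SECONDS = 8 * 3600        # strong authentication must be fresher than 8 h

# Least privilege: each role lists exactly the (resource, action) pairs it grants.
ROLE_PERMISSIONS = {
    "employee":        {("wiki", "read"), ("wiki", "write")},
    "payroll-analyst": {("payroll-db", "read")},
    "payroll-admin":   {("payroll-db", "read"), ("payroll-db", "write")},
}

# Micro-segmentation: the segment each resource lives in, and which source
# segments are permitted to reach it through the policy enforcement point.
RESOURCE_SEGMENT = {"wiki": "corp-apps", "payroll-db": "finance"}
ALLOWED_PATHS = {
    ("corp-clients", "corp-apps"),
    ("remote-clients", "corp-apps"),
    ("corp-clients", "finance"),
    ("remote-clients", "finance"),
    # guest and build-server segments have no path to finance at all
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    device_managed: bool      # enrolled and reported healthy by device management
    mfa_age_seconds: int      # time since the user last completed strong authentication
    source_segment: str       # where the request arrives from (never a trust signal)
    resource: str
    action: str


def decide(req: AccessRequest) -> tuple:
    """Policy decision evaluated on every request, not once at login."""
    # 1. Verify user and device first; network location grants nothing.
    if not req.device_managed:
        return False, "device not managed or unhealthy"
    if req.mfa_age_seconds > MFA_MAX_AGE_SECONDS:
        return False, "re-authentication required"
    # 2. Least privilege: some role must explicitly grant this action on this resource.
    if not any((req.resource, req.action) in ROLE_PERMISSIONS.get(r, set()) for r in req.roles):
        return False, f"no role grants {req.action} on {req.resource}"
    # 3. Micro-segmentation: the path to the resource's segment must exist.
    target = RESOURCE_SEGMENT.get(req.resource)
    if target is None or (req.source_segment, target) not in ALLOWED_PATHS:
        return False, f"segment {req.source_segment} may not reach {target}"
    return True, "allowed"


if __name__ == "__main__":
    analyst = AccessRequest("ana", frozenset({"employee", "payroll-analyst"}),
                            True, 600, "remote-clients", "payroll-db", "read")
    print(decide(analyst))                                       # allowed from home
    stale = AccessRequest("ana", analyst.roles, True, 10 * 3600,
                          "corp-clients", "payroll-db", "read")
    print(decide(stale))                                         # denied on the LAN
```

Note that the stale-MFA request is denied even though it arrives from the corporate client segment, while the same user is allowed from a remote network with fresh authentication and a healthy device: that inversion of the perimeter model is what Zero Trust means in practice.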

Conclusion

Understanding confidentiality, integrity, and availability is critical for achieving strong cybersecurity. The integration of risk management, layered security controls, and the principles of zero trust can significantly enhance an organization's security posture.
