The CIA triad is a well-known concept in the world of information security, familiar to information security professionals, researchers, and developers. When people hear “CIA Triad,” they may think it’s too complicated or too technical. Therefore, in this article, we aim to break down the complexity of the CIA Triad and explain it in simple terms.
The CIA triad is mainly used to create an organization’s information security policy. CIA stands for three critical components of data security: Confidentiality, Integrity, and Availability.
Let’s explore each of them:
Confidentiality
Confidentiality is a crucial component of the current digital world. Because we cannot live without the internet, a vast amount of data flows through it, leaving us vulnerable to data breaches by hackers. Confidentiality ensures that only authorized individuals have access to sensitive information; to protect this data, organizations use encryption techniques. The level of access granted to the information determines how confidential the data is. Organizations need to assess the impact of a confidentiality breach that could occur and the loss or damage it would cause to the organization or the user.
To illustrate this, let’s use WhatsApp as an example. As a WhatsApp user, you may have noticed the following message:
“Messages to this chat are now secured with end-to-end encryption.”
In Figure 1.1, you can see that only the two participants have access to that particular data, so your communication is confidential. Third parties, including WhatsApp’s servers, cannot read your chats.
Integrity
Integrity refers to protecting data from being altered by unauthorized parties. To illustrate this, let’s consider a money transfer. Suppose you are paying ₹100 to your friend, but an attacker alters the amount to ₹10000. This could be a significant loss for you. We use cryptography to ensure integrity as well, but instead of encryption and decryption we use hashing. Each input produces a distinct hash, so by comparing the hash of the original file with the hash of the received file we can determine whether the file has been altered.
In Figure 1.2, you can see an example of a hash. The two algorithm families mainly used for hashing are SHA (Secure Hash Algorithm) and MD5 (Message Digest 5). We will discuss hashing and hashing algorithms in more detail in a future article.
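As an added illustration (not code from the original article), the Python below uses the standard library’s hashlib and hmac modules to detect the ₹100 to ₹10000 alteration described above. It also shows the limit of a bare hash: if the attacker can rewrite the message, they can usually rewrite a hash that travels beside it, which is why integrity checks in practice use a keyed hash (HMAC) or a digital signature. The message bytes and the shared key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample messages: the article's transaction, before and after an
# attacker changes the amount. The checks below work on raw bytes, so the same
# code applies to a file, a JSON record or a network frame.
ORIGINAL_TXN = b"transfer 100 INR to account 42"
TAMPERED_TXN = b"transfer 10000 INR to account 42"


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex hash of `data` with any hashlib algorithm ("sha256", "md5", ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_hash(received: bytes, published_hash: str, algorithm: str = "sha256") -> bool:
    """Recompute the hash of what arrived and compare it with the published one.

    compare_digest runs in constant time, so the comparison itself does not
    leak how many leading characters of the two hashes matched.
    """
    return hmac.compare_digest(digest(received, algorithm), published_hash)


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of `key` can produce a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(received: bytes, received_tag: str, key: bytes) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(keyed_tag(received, key), received_tag)


def demo() -> dict:
    """Run the three scenarios and report which checks passed."""
    # 1. The sender publishes a plain hash; the receiver recomputes it.
    published = digest(ORIGINAL_TXN)
    unaltered_ok = verify_hash(ORIGINAL_TXN, published)
    tamper_detected = not verify_hash(TAMPERED_TXN, published)

    # 2. Limit of a plain hash: whoever can replace the message can also
    #    replace the hash sent alongside it, and the check then passes.
    plain_hash_fooled = verify_hash(TAMPERED_TXN, digest(TAMPERED_TXN))

    # 3. A keyed hash closes that gap. The key is a constructed shared secret
    #    known only to sender and receiver; without it no valid tag can be
    #    produced for the tampered message, so an unkeyed hash is rejected.
    key = secrets.token_bytes(32)
    keyed_ok = verify_tag(ORIGINAL_TXN, keyed_tag(ORIGINAL_TXN, key), key)
    keyed_fooled = verify_tag(TAMPERED_TXN, digest(TAMPERED_TXN), key)

    return {
        "unaltered_ok": unaltered_ok,
        "tamper_detected": tamper_detected,
        "plain_hash_fooled": plain_hash_fooled,
        "keyed_ok": keyed_ok,
        "keyed_fooled": keyed_fooled,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `digest` helper accepts `"md5"` as well as `"sha256"`, which makes it easy to see that both produce a fixed-length fingerprint; note, though, that MD5 is no longer collision resistant, so for new designs the SHA-2 family (SHA-256 here) is the sensible default. The keyed variant is what protocols such as TLS and most API request signing actually rely on.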
Availability
Availability ensures that a system’s authorized users have prompt and uninterrupted access to the information in the system and on the network. Availability is the most crucial part of the CIA Triad. Let’s consider a press release published by the state government for the public. For the information to be effective, it must be available to the public. Confidentiality does not matter in this case, and integrity is of secondary importance. Governments ensure that their websites and systems have minimal or no downtime. Backups are also used to ensure the availability of public information.
The classic attacks against availability are Denial of Service (DoS) and Distributed Denial of Service (DDoS). To mitigate these attacks, servers need dedicated hardware devices that guard against the downtime and latency such attacks cause. Load balancers are one example of such hardware.
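Load balancers are one layer of that defence; a per-client rate limit is a software-level counterpart that keeps a server answering ordinary users while a single source floods it. The following is an added example, not code from the article, implementing a token bucket per client and replaying a small constructed traffic sample: one address sends 50 requests within a second, another sends three. The IP addresses, timings and bucket sizes are all constructed for the illustration.

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `capacity` tokens, refilled at `refill_per_second`.

    Each request spends one token; when the bucket is empty the request is
    rejected up front instead of consuming server resources.
    """

    def __init__(self, capacity: int, refill_per_second: float) -> None:
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.tokens = float(capacity)   # start full so a new client is not penalised
        self.last_seen = 0.0

    def allow(self, now: float) -> bool:
        # Refill in proportion to the time since the last request, capped at capacity.
        elapsed = max(0.0, now - self.last_seen)
        self.last_seen = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_second)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerClientLimiter:
    """One bucket per client, so one noisy source cannot drain everyone's budget."""

    def __init__(self, capacity: int = 5, refill_per_second: float = 1.0) -> None:
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.buckets: dict[str, TokenBucket] = {}

    def handle(self, client: str, now: float) -> str:
        if client not in self.buckets:
            self.buckets[client] = TokenBucket(self.capacity, self.refill_per_second)
        return "served" if self.buckets[client].allow(now) else "rejected"


# Constructed traffic for the simulation: one source fires 50 requests in one
# second (a DoS-style burst), while an ordinary user sends three.
FLOOD_SOURCE = "10.0.0.9"
NORMAL_USER = "10.0.0.2"
REQUESTS = sorted(
    [(0.02 * i, FLOOD_SOURCE) for i in range(50)]
    + [(0.1, NORMAL_USER), (0.5, NORMAL_USER), (0.9, NORMAL_USER)]
)


def simulate(requests, capacity: int = 5, refill_per_second: float = 1.0) -> dict:
    """Replay (timestamp, client) pairs and count served/rejected per client."""
    limiter = PerClientLimiter(capacity, refill_per_second)
    outcomes = defaultdict(lambda: {"served": 0, "rejected": 0})
    for now, client in requests:
        outcomes[client][limiter.handle(client, now)] += 1
    return dict(outcomes)


if __name__ == "__main__":
    for client, counts in simulate(REQUESTS).items():
        print(f"{client}: {counts}")
```

With a capacity of 5 and a refill of one token per second, the flooding source gets its first five requests served and the remaining 45 rejected, while the ordinary user's three requests all go through. The point is the isolation: the decision is made per source, so the burst never touches the other client's budget. A real deployment would key buckets on something harder to spoof than a single IP and would run the check at the edge (the load balancer or reverse proxy) rather than in the application.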
Figure 2.0: CIA Triad
The figure above (Figure 2.0) shows the CIA triad. All three components of the CIA Triad are essential for creating secure software.
In conclusion, the CIA triad is an essential concept for information security. We hope this article has helped you understand it better. If you have any questions, please let us know. Thank you for reading!