CIA Triad

From the moment the computer was invented, the life of every human being changed drastically.

Thanks to the individuals who devoted their lives to the advancement of humanity, the simple drive for survival, which consisted of food to eat, clothes to wear and a house to live in, evolved into a complicated and multifaceted way of living.

Nowadays, technology, especially computers, plays a vital role in the advancement and survival of businesses. With increasing knowledge of computer software, hardware and information systems, a company's business processes have become more effective and efficient. The need to safeguard assets and information arises from the numerous threats and significant risks that a company faces today.

Information security was established for the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. It ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability).

The CIA triad of confidentiality, integrity, and availability is at the heart of information systems. It is interchangeably referred to in the literature as security attributes, properties, security goals, fundamental aspects, information criteria, critical information characteristics and basic building blocks. It is also increasingly being recognized as the de facto standard for strengthening the effectiveness and awareness of cyber security.

In information security, confidentiality means protecting information from unauthorized individuals, entities or processes. Information has value, especially in today's world. The disclosure of information to inappropriate individuals can result in anything from minor damage to a great loss.

Encryption is a method used to protect the confidentiality of information. It is a process that transforms usable information into a form that is unusable by anyone other than an authorized user. Other ways to ensure confidentiality include enforcing file permissions and access control lists to restrict access to sensitive information.

Information only has value if it is correct. Data integrity means maintaining and assuring the accuracy and completeness of data over its entire life cycle. This means that data cannot be modified in an unauthorized or undetected manner. Hashing the data you received and comparing it with the hash of the original message is a common technique for ensuring data integrity.

Availability of information refers to providing authorized parties with access to information when needed. Information possesses value only if it is used at the right time. A backup plan is vital to ensure data availability and business continuity during planned or unplanned disruptions that affect normal business operations.
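The hash comparison described above, as an added Python example that is not part of the original article; the messages and key are constructed sample values. It goes one step beyond the text: a plain hash only helps when the reference hash arrives over a trusted channel, so a keyed hash (HMAC) is shown beside it.

```python
import hashlib
import hmac

# Constructed sample data: an original message and a modified copy.
ORIGINAL = b"Transfer 100.00 to account 12345"
TAMPERED = b"Transfer 900.00 to account 12345"
KEY = b"constructed-demo-key-shared-by-sender-and-receiver"


def sha256_hex(data: bytes) -> str:
    """Hash the data; the sender publishes this value as the reference."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(received: bytes, reference_hex: str) -> bool:
    """Hash what was received and compare it with the reference hash."""
    return hmac.compare_digest(sha256_hex(received), reference_hex.lower())


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, received: bytes, tag_hex: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(hmac_hex(key, received), tag_hex.lower())


def demo() -> dict:
    reference = sha256_hex(ORIGINAL)   # assumed to arrive over a trusted channel
    return {
        # Unmodified data matches the reference hash.
        "intact_ok": verify_hash(ORIGINAL, reference),
        # A modification changes the hash, so it is detected.
        "tamper_detected": not verify_hash(TAMPERED, reference),
        # Limit of a plain hash: if the reference travels with the data,
        # whoever changed the data can recompute it and the check passes.
        "replaced_hash_passes": verify_hash(TAMPERED, sha256_hex(TAMPERED)),
        # A tag recomputed without the real key does not verify.
        "forged_tag_rejected": not verify_hmac(
            KEY, TAMPERED, hmac_hex(b"guessed-key", TAMPERED)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```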

The CIA triad is an important step in designing any secure system. However, there is a continuing debate about extending this classic trio. In 2013, the Information Assurance and Security (IAS) literature proposed an extension to the CIA triad and called it the IAS-octave. It comprises Confidentiality, Integrity, Availability, Accountability, Auditability, Authenticity/Trustworthiness, Non-repudiation and Privacy.