When people think about information security awareness, theyre usually focused on preventing hackers from stealing sensitive information such as their social security or drivers license numbers. While keeping that information out of criminals hands is vitally important, its only one leg of the CIA Infosec Triangle.
The term CIA usually stirs images of spies and skullduggery, but in this instance the acronym stands for Confidentiality, Integrity, and Availability.
Confidentiality This is the one pillar of information security that everyone immediately thinks of. Are my files safe from prying eyes? Are they only available to personnel I have authorized? The IT world is full of tools to help ensure the confidentiality of your information: firewalls, authentication services, multi-factor authentication, IDS/IPS, anti-virus programs, etc.
Considered common knowledge by now, access to offices and a businesss server room should be restricted to authorized personnel only. Further, servers should never share common access with the copy or break room.
Integrity This refers to data being tampered with or changed without the owners intent. Tools and methods used to ensure data integrity are similar to those used to maintain confidentiality such as firewalls and access controls, but specifically retains integrity with logging and hash comparisons.
Certain system files should very rarely change so File Integrity Monitoring (FIM) performs a hash on these files and continually compares the hash to a new hash on the same file. If the hashes ever come out differently, the file is changed and administrators are notified.
Furthermore, good data integrity ensures that changes done by authorized parties can be undone. Thats where version control and back-ups come into play.
Availability Refers to being able to access the information whenever required. Again, access control and authentication methods play a big part. If your Active Directory server crashes, all of your data becomes instantly inaccessible and thats never a good thing.
Hardware such as routers, switches, and hard drives are vital components to ensuring good availability. Fail-overs, Incident Response Plans (IRPs), and Business Recovery Plans (BRPs) are all some of the ways businesses can improve availability.
So while you may not want the Central Intelligence Agency involved in your life, you definitely want to be familiar with, and practice daily, the principals of the CIA triad of information security.
About the Author
Eric Haruki is a technology analyst with over 15 years of experience advising global category leaderssuch as Samsung, Panasonic, HP, & Ciscoonproduct and brand strategy, market competitiveness, and in areas of untapped product and distribution opportunity. He has produced both syndicated and project work, delivering forecasts, SWOT analyses, road maps, and panel survey insights to research customers around the globe. Eric has contributed to major print and television press outlets and has been a featured presenter at industry conferences. He isdriven to find insights through extensive market research and deliver concise and actionable solutions to vendors, leading ultimately to the development of valued downstream goods and services to end users.