When people think about information security awareness, they're usually focused on preventing hackers from stealing sensitive information such as their social security or driver's license numbers. While keeping that information out of criminals' hands is vitally important, it's only one leg of the CIA Infosec Triangle.
The term CIA usually stirs images of spies and skullduggery, but in this instance the acronym stands for Confidentiality, Integrity, and Availability.
Confidentiality: This is the pillar of information security that everyone immediately thinks of. Are my files safe from prying eyes? Are they available only to personnel I have authorized? The IT world is full of tools to help ensure the confidentiality of your information: firewalls, authentication services, multi-factor authentication, IDS/IPS, anti-virus programs, etc.
It should be common knowledge by now that access to offices and a business's server room should be restricted to authorized personnel only. Further, servers should never share common access with the copy or break room.
Integrity: This refers to protecting data from being tampered with or changed without the owner's intent. The tools and methods used to ensure data integrity overlap with those used to maintain confidentiality, such as firewalls and access controls, but integrity is specifically maintained with logging and hash comparisons.
Certain system files should very rarely change, so File Integrity Monitoring (FIM) computes a hash of each of these files and continually compares it against a freshly computed hash of the same file. If the hashes ever differ, the file has changed and administrators are notified.
Furthermore, good data integrity ensures that changes made by authorized parties can be undone. That's where version control and backups come into play.
Availability: This refers to being able to access the information whenever it is required. Again, access control and authentication methods play a big part. If your Active Directory server crashes, all of your data becomes instantly inaccessible, and that's never a good thing.
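To make the FIM mechanism concrete, here is an added example in Python (not code from the original post): it builds a SHA-256 baseline of a directory, stores it, and on a later scan reports modified, added, and removed files. The monitored file names and contents are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Added example (not the post's own code): a minimal File Integrity Monitor. A baseline
# maps each file path to its SHA-256 hash; later scans are compared against that baseline.


def hash_file(path):
    """SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Map every regular file under root (path relative to root) to its hash."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Classify differences between the stored baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def save_baseline(baseline, path):
    """Persist the baseline as JSON. Keep it where the monitored system cannot rewrite it."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: baseline three files, then alter one, add one, delete one."""
    with tempfile.TemporaryDirectory() as d:
        monitored, store = Path(d) / "etc", Path(d) / "baseline.json"
        monitored.mkdir()
        for name in ("hosts", "passwd", "sshd_config"):
            (monitored / name).write_text("original " + name)
        save_baseline(scan(monitored), store)
        (monitored / "passwd").write_text("original passwd\nextra line")  # tampered
        (monitored / "rc.local").write_text("added later")                # new file
        (monitored / "hosts").unlink()                                     # deleted
        return compare(load_baseline(store), scan(monitored))
```

A real deployment would run `scan` on a schedule against a baseline stored off-host and raise an alert for anything `compare` returns.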
Hardware such as routers, switches, and hard drives is a vital component of ensuring good availability. Fail-overs, Incident Response Plans (IRPs), and Business Recovery Plans (BRPs) are some of the ways businesses can improve availability.
So while you may not want the Central Intelligence Agency involved in your life, you definitely want to be familiar with, and practice daily, the principles of the CIA triad of information security.