No, I’m not going to talk about the Central Intelligence Agency (Responsibles to provide national security intelligence to the US). This particual triad -which some people call AIC to avoid the confusion with the regular CIA- stands for Confidentiality, Integrity and Availability.
In general, confidentiality is the property in charge to limit the information, integrity is the assurance of accurate and trustworthy information and availability is the guarantee of authorized people to information. These concepts conform a model to help people think security-wise.
The purpose of this is to ensure that every piece of information reaches the adequate people and that no sensitive information is breached.
And to make sure this is done, to enforce levels of authorization and authentication of information access is necessary. As well as creating categories and collections of information and stablish discretion functions.
Some methods used to ensure confidentiality are: Data encryption, two-factor authentication, biometric verification, security tokens. In extreme cases air gapping, or doing hard copies of the information is made.
The purpose of this component is to protect data from unauthorized modifications or to make sure that an option to undone changes is always available. Also, integrity involves making sure that data is always consistent, accurate and trustworthy.
Some methods used to ensure integrity are: Typical system file permissions, user access control, version control. Data might include checksums. Backups and redundancy is important to restore breaches of integrity.
This is very straightforward. This property assures the availability of the data. All kinds of systems for protection must be up to provide the informationwhen requested. Power outages and hardware upgrade and failure must be taken into account when making the availability design. Attacks of the DoS and DDoS kind might compromise the service.
Now, I found an interesting article that talks about the challenges of the CIA paradigm.
It talks about 3 concepts that poses an extra challenge for the CIA
- Big data
The high volume of data can pose a big challenge to make sure the information is safeguarded, mainly because the high quantity of differetn sources of the data and the high costs of mantaining dupplicates and disaster recovery plans.
- IoT Privacy
One IoT device might not generate important information, but multiple devices can provide relevant data in case of a breach.
- IoT Security
This topic has been mentioned in class many times. There are so many IoT devices that aren’t patched, updated or without safe passwords, that these devices are an excellent source for thingbots and eventual botnets.
And that’s it for this post.
Each topic is getting more related to each other now.
Miguel A. Montoya