Confidentiality, Availability and Integrity

Confidentiality, availability and integrity, known together as the CIA triad, are considered the most crucial goals of information security.

Confidentiality – the assurance that information is not disclosed to unauthorised individuals, processes or devices, while authorised personnel can still access it. Confidentiality can be protected by using strong, complex passwords, two-factor authentication and training on how to recognise and resist social engineering attacks. A failure of confidentiality means an individual has accessed data they are not authorised to see.

Integrity – this refers to data integrity: the assurance that data is stored accurately and contains no unauthorised modifications. Measures that protect integrity include file permissions, version control and access controls. Software flaws and vulnerabilities can cause accidental losses of integrity, and data can also be replaced with incorrect data. Strict access controls, intrusion detection and hashing can combat these threats. If an individual attempts to access one page and is redirected to another, that is a breach of integrity.

Availability – information systems must be accessible to users for those systems to provide any value. Ideally, systems should be able to recover from disruptions in a timely manner. Availability can be hardened by ensuring that all software updates are applied, and by using redundant designs so that if a system fails, back-ups are in place and the data can be quickly recovered. An additional measure is to implement DDoS mitigation techniques to reduce the effectiveness of such an attack and increase the likelihood of the system remaining online. An individual being unable to access a website is an example of availability being compromised.

Some assets have a critical confidentiality requirement (company trade secrets), some have critical integrity requirements (financial transaction values), and some have critical availability requirements (e-commerce web servers).