Understanding Information Security (InfoSec) begins with comprehending three primary concepts:
- Confidentiality,
- Integrity, and
- Availability.
In InfoSec, confidentiality, integrity, and availability are considered together and abbreviated as the CIA Triad. Since “CIA” can easily be confused as shorthand for the Central Intelligence Agency, and “Triad” may evoke the Trilateral Commission to some, it has become known to some as the “AIC” (Availability-Integrity-Confidentiality) Triad. We’ll stick with the cool, yet provocative, “CIA Triad”.
The CIA Triad is an important model designed to guide policies for InfoSec, because these three concepts reflect the primary goals and objectives of any InfoSec system. Components or features of an InfoSec system are often described as to how each contributes to or promotes one, two, or all three of these properties. Further, risks and vulnerabilities of a system are usually evaluated as to how they impact or compromise one or more of these three properties.
What is meant by each of these concepts in InfoSec?
- “Confidentiality” means that information is not made available or disclosed to unauthorized individuals, entities, or processes.
- “Integrity” means the accuracy and completeness of data is maintained and assured over its entire lifecycle.
- “Availability” means information should be available when it’s needed.
In order to evaluate whether your InfoSec infrastructure is adequate, you should first determine how important each property is for your system in relation to the priorities of your organization, the users of the system, and any legal or other compliance considerations. There are inevitable trade-offs between the three properties that you will wrestle with to determine an optimal balance.
For instance, you might decide that confidentiality is the most important factor and you want to ensure the data remains confidential no matter what. The most cost-effective way to achieve this is to destroy the data and the media it’s stored on in a wood-chipper. Problem solved, right? Wrong. You’ve lost both the integrity and availability of the data, and you really have no system left. That doesn’t mean that destroying data is not an important feature of many InfoSec systems. Many systems routinely destroy older confidential data once its availability has been determined to be of little or no value.
Destroying the data that needs to be available represents an extreme example. Consider instead that you want to locate your data system in a highly secure bunker without any telecommunications equipment or connections, other than power, available outside that secure bunker. You make the data available only to authorized personnel who must visit the bunker in person. Once inside the bunker, you provide a read-only screen interface via an application which only shows the data the authorized individual should view. Your data system will be highly confidential, but it will have very low availability. Further, you limit data entry and edit capability to only a few authorized individuals who also must visit the bunker in person. To maintain and ensure data integrity, you employ a rigorous methodology of approvals at checkpoints in the data entry and edit process, with each entry and edit logged, tagged, and approved as valid with plenty of metadata. This kind of InfoSec system may be desired for state secrets, but in most real-world systems it would be deemed impractical.
In general, the more readily available you want confidential data to be for a larger pool of authorized individuals, the more your security features, components and considerations will multiply. This will increase both complexity and cost.
You may want to develop or employ a methodology for scoring or ranking each property to help evaluate the risks and vulnerabilities of your InfoSec system, and the desirability of adding or updating features or components to address each. We will explore Confidentiality, Integrity, Availability, and how to evaluate the trade-offs between them in subsequent articles.