Cyber-Security - C.I.A
The C.I.A. Triad
CIA in the realm of cybersecurity is an acronym for the guiding principles behind information security (not for the Central Intelligence Agency). It is sometimes referred to as the CIA Triad.
Confidentiality
In order to safeguard the confidentiality of data, special training must be given to those within a company who have access to sensitive documents. Training should:
The company should set up procedures that shepherd its employees into safe routes when handling customer data, and put in place procedures for customers to follow when accessing their data that safeguard confidentiality. Methods used to ensure confidentiality:
Confidentiality of extremely sensitive documents
Extra measures might be taken in the case of extremely sensitive documents.
Integrity
Measures to protect integrity include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, organizations must put in place some means to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash. Data might include checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore the affected data to its correct state. Furthermore, digital signatures can be used to provide effective nonrepudiation measures, meaning evidence of logins, messages sent, electronic document viewing and sending cannot be denied.
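The checksum-and-backup cycle described above, as an added example that is not part of the original page: record a SHA-256 checksum per file, detect a flipped bit and a deleted file, and restore only from backup copies that still match their checksum. The file names, the sample data and the helper names (`build_manifest`, `verify`, `restore`, `demo`) are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root: Path) -> dict:
    """Known-good SHA-256 per file; store it somewhere the data's writers cannot alter."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root: Path, manifest: dict) -> dict:
    """Return {relative path: "missing" | "modified"} for each file that fails the check."""
    problems = {}
    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            problems[rel] = "missing"
        elif sha256_file(path) != expected:
            problems[rel] = "modified"
    return problems

def restore(root: Path, backup: Path, manifest: dict, problems: dict) -> list:
    """Copy back only backup files that still match the manifest themselves."""
    restored = []
    for rel in problems:
        src = backup / rel
        if src.is_file() and sha256_file(src) == manifest[rel]:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, root / rel)
            restored.append(rel)
    return restored

def demo():  # constructed sample data: one bit flip and one deleted file, then repair
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "orders.csv").write_bytes(b"id,amount\n1,100\n2,250\n")
        (live / "customers.csv").write_bytes(b"id,name\n1,Alice\n")
        manifest = build_manifest(live)
        shutil.copytree(live, backup)
        damaged = bytearray((live / "orders.csv").read_bytes())
        damaged[12] ^= 0x01  # single bit flip, as a crash or hardware fault might cause
        (live / "orders.csv").write_bytes(bytes(damaged))
        (live / "customers.csv").unlink()
        found = verify(live, manifest)
        restored = restore(live, backup, manifest, found)
        return found, restored, verify(live, manifest)
```

The flipped bit turns the amount `100` into `000` without changing the file size, which is why a checksum rather than a size or timestamp comparison is needed to catch it.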
It is important to be able to distinguish between these three aspects of security. So let’s look at an example. This example comes from the Open University Site: We need to consider each aspect separately:
So only one of the three aspects was breached... still cost the company a fortune though!