The CIA Triad of Security – Triad Risk Management – CompTIA Security+
The biggest challenge you have when you're starting to wrap your head around becoming an I.T. security person is: where do you start? What do you do? There's so much to do. So the secret to understanding I.T. security is to give yourself a goal. I mean, why are we doing all this? Why are we going through all this pain and suffering, the passwords and retinal scanners and whatever? To help us keep our minds in the right place, what we're talking about is the CIA triad of security, or the goals of security. Let's talk about Confidentiality, Integrity and Availability.
We always draw the CIA triad of security as a triangle.
What Is The CIA Triad?
Each point of this triangle points to an important goal of security.
Confidentiality, as it sounds, is simply the goal of keeping data secret from anyone who doesn't have the need or the right to access that data.
Second is Integrity. Integrity ensures that the data and the systems, everything, stay in an unaltered state, whether stored, transmitted or received.
Integrity covers things like no unauthorized modification, alteration, creation or deletion of the data.
The third one, and this is the one we tend to forget, is Availability. We have to ensure that systems and data are available to authorized users when needed. It's so easy to forget that one. But these are the big three.
The CIA triad is critical for us security types. It's like a mantra that we chant over and over again. Any time we're doing anything in the security world, we ask ourselves: is this achieving one of the three goals of security? It's something you're going to see all over the Security+, because it should be there.
But there's a problem, and the problem is that a lot of security people feel that the CIA triad in and of itself really isn't enough. So what I'm going to do is add a couple more things to our CIA triad. I'm going to add auditing and accountability, and I'm going to add non-repudiation.
Auditing And Accountability
The first thing I'd like to add is auditing and accountability. Auditing and accountability simply means that we've got to keep track of the things that go on: for example, who's been logging in, when are they logging in, who's accessed this data, when did somebody come in the gate, who's made changes to something. We dump all of that into auditing and accountability.
Second is non-repudiation. Non-repudiation to some extent ties into accountability, because it basically means that a user can't deny that they have performed a particular action. So that does make it something in terms of accountability, but there's another aspect to non-repudiation that's very important in the world of communication: it ensures that a user cannot deny having made some form of communication. And that, my friends, is the CIA of security, even though it's a little bit more than just the CIA.
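As an added example (not part of the original lesson), here is a small tamper-evident audit log that covers the auditing and accountability goal above: each record says who did what, to which resource, and when, and each record is hash-chained to the one before it so that altering or deleting an earlier record breaks integrity of the log. Note the caveat for non-repudiation: a hash chain only shows that the log was changed; anyone who can write the log could rebuild the chain, so true non-repudiation would need each actor to sign their own entries with a key only they hold, which this example deliberately does not claim to provide.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed example: a hash-chained audit log. Each entry records
# who / what / which resource / when (accountability) and carries a hash
# that links it to the previous entry (integrity of the log itself).

GENESIS = "0" * 64  # previous-hash value for the very first record


def _record_hash(prev_hash, record):
    # Hash the canonical JSON of the record together with the previous hash,
    # so editing or deleting any earlier record breaks every later link.
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def append(self, user, action, resource, when=None):
        # Timestamp defaults to now (UTC); tests pass a fixed value instead.
        when = when or datetime.now(timezone.utc).isoformat()
        record = {"user": user, "action": action,
                  "resource": resource, "when": when}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"record": record,
                             "hash": _record_hash(prev, record)})

    def verify(self):
        """Return the index of the first broken link, or None if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if _record_hash(prev, entry["record"]) != entry["hash"]:
                return i
            prev = entry["hash"]
        return None

    def who_touched(self, resource):
        """Accountability query: which users acted on a resource, and how."""
        return [(e["record"]["user"], e["record"]["action"])
                for e in self.entries
                if e["record"]["resource"] == resource]
```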
Make sure you know this for the Security+ and for the real life that you're going to run into in the world of security.