No, we are not talking about the Criminal Investigations Agency, but rather a model that IT security professionals use as a guide. Confidentiality, Integrity and Availability are the 3 goals that security professionals ensure each service or data point adheres to.
- Defenders want Confidentiality – attackers use Information Disclosure.
- Defenders want Integrity – attackers use Tampering.
- Defenders want Availability – attackers use Denial of Service.
While there are many models out there for information security, I do recommend that we know the CIA triad, as it forms the basic 3 LAWS of IT security. While most people can argue that the model isn’t fully encompassing, it definitely can relate to all security mitigation strategies.
Whenever designing security mitigation procedures, you must always ensure that you don’t break a rule. To keep information secure you encrypt it with 5 layers of encryption, making it impossible to read. You just broke the Availability rule… Maybe you made the mitigation so complicated that your users write down their passwords and leave keys lying around so that they can do their job. While you attempted to create confidentiality, your users broke integrity because the measures were too difficult. It’s a fine line and a hard balancing act. Keep this TRIAD in mind!
The CIA methodology is a simple yet effective strategy to ensure that security professionals follow a basic set of rules when implementing mitigation measures! Keep learning and ask yourself: Can you hack it?