The Three Pillars of Information Security (CIA Triad)
The CIA Triad is the foundational model for security policies. It stands for Confidentiality, Integrity, and Availability, representing the three primary goals for protecting information assets.
1. Confidentiality
Confidentiality ensures that information is accessible only to those authorized to have access. It is the principle of preventing unauthorized disclosure of information.
- Goal: Prevent data exposure.
- Methods:
  - Encryption: Converting data into an unreadable form (e.g., encrypting personal data).
  - Access Control: User authentication and authorization (e.g., passwords, OTP, role-based access control).
  - Physical Security: Locks, surveillance systems.
2. Integrity
Integrity guarantees that information is accurate, complete, and reliable. It ensures that data has not been altered, destroyed, or fabricated in an unauthorized manner.
- Goal: Prevent data tampering and maintain accuracy.
- Methods:
  - Hashing: Using cryptographic hash functions to detect whether data has been changed (data verification).
  - Digital Signatures: Ensuring both the authenticity of the data source and the integrity of the data.
  - Strict Access Control: Limiting write/modify permissions.
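The difference between the first two methods is easy to miss: a plain hash detects a change only if the party who altered the data could not also replace the stored hash. The following added example (not part of the original note) shows this with a constructed record; it uses an HMAC as a stand-in for a digital signature, since both give the verifier a secret the tamperer lacks.

```python
import hashlib
import hmac
import secrets

# Constructed sample record standing in for stored data whose integrity matters.
RECORD = b"account=1234;balance=100.00"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 hash: detects changes, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag)


def tamper_check_results() -> dict:
    """Compare what a stored hash and a stored MAC each catch after tampering."""
    key = secrets.token_bytes(32)          # held by the verifier only
    stored_hash = digest(RECORD)           # hash written next to the record
    stored_tag = mac(key, RECORD)          # MAC written next to the record
    tampered = RECORD.replace(b"100.00", b"999.00")
    return {
        # Both checks notice the change when the original hash/tag is kept.
        "hash_detects_change": not verify_hash(tampered, stored_hash),
        "mac_detects_change": not verify_mac(key, tampered, stored_tag),
        # Whoever changed the data can also overwrite the plain hash, so the
        # check passes: an unkeyed hash alone does not prove integrity.
        "hash_replaced_by_tamperer": verify_hash(tampered, digest(tampered)),
        # A tag computed without the real key (here, a guessed key) fails.
        "mac_forged_without_key": verify_mac(key, tampered, mac(b"guess", tampered)),
    }
```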
3. Availability
Availability ensures that authorized users are able to access information and systems whenever needed without interruption.
- Goal: Prevent service disruption.
- Methods:
  - Backup and Recovery: Systems to quickly restore data in case of loss or disaster.
  - Redundancy (Failover): Having duplicate systems (servers, networks) that can take over if the primary system fails.
  - DDoS Protection: Defending against distributed denial-of-service attacks.