An Introduction to the CIA Triad
Long established within the information security field – and by extension, cyber security – the concept of the CIA triad is a mainstay. The acronym refers to three parts:
- Confidentiality
- Integrity
- Availability
The CIA Triad is a model designed to guide policies for information security within an organisation. As one learns about their inter-relationship, it becomes clear that while each is of huge individual importance, a slavish devotion to one will, in all likelihood, cause failure to another.
Consider how the maintenance of total availability must, inevitably, lead to a breach of confidentiality. Data may be kept secure, but if the productivity of the organisation is harmed, then it may be considered that the policy implementation is lacking efficiency.
Your Risk Management Plan
We approach these problems through a multi-step risk management process which identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls. It is concluded with an assessment of the effectiveness of the risk management plan.
While Information Security is wide-ranging, and is inclusive of paper-based data, equipment theft and so forth, Cyber Security is focussed on a narrower set of threats: those which centre upon attacks through the computer network. We refer to these modes of attack as ‘threat vectors’.
An illustrative list of such threats includes:
- Viruses
- Ransomware
- Worms
- Phishing attacks
- DDoS (Distributed Denial of Service)
- Trojan horses
- Malware
Conclusions
The range of threats to the organisation’s computer security and overall IT security is considerable, but when addressing cyber security it’s important to realise that in banking, aviation, maritime and similar industries, the acceptability of restricting availability is entirely different from the considerations in a retail organisation.
The consequence is that the ideal risk management plan must reflect the integration of risk balanced against the CIA Triad. Only then can budgets and priorities be established.
⏱ 5 Second Summary
Part of our Cyber Security Series
Understanding Risk demands an appreciation of the CIA Triad, comprised of Confidentiality, Integrity, and Availability
Humperdinck Jackman
Director of Consulting Services
Humperdinck has a 30-year career spanning Document Management Systems (DMS), data protection, Artificial Intelligence, Data Protection and Robotic Process Automation. With many articles published in print internationally, he believes the advances in office technology are such that we're entering the 4th Industrial Revolution. Now Director of Marketing and Consulting Services at Advanced UK, he's as active with clients as he is in endeavouring to write original blog articles.