The CIA triad is the foundational paradigm on which all information security functions are based. It is made up of three key security objectives: confidentiality, integrity, and availability.
What exactly do the terms Confidentiality, Integrity, and Availability mean in the context of Information Security?
• Confidentiality entails maintaining permitted access and disclosure limits, as well as safeguarding personal privacy and proprietary information.
• Integrity entails ensuring information non-repudiation and authenticity, as well as guarding against improper information alteration.
• Availability entails assuring quick and dependable access to and use of information.
The ideal security model achieves a good balance of these three goals. But it isn't that simple.
Data integrity may be more critical to a financial institution, whereas secrecy is more important to government entities. The goals can also pull against each other: more secrecy may jeopardize data availability. A violation of confidentiality is referred to as a disclosure or breach. A compromise of integrity is referred to as alteration, which might include introducing malware code, but it can also refer to the unauthorized change of data or records in general. In the case of ransomware or denial of service, where data is rendered unusable, availability is compromised. Ransomware can be highly damaging to a business.
According to Microsoft, 96.88 percent of all ransomware attacks infiltrate their target in under four hours. The fastest malicious software may take over a company's system in about 45 minutes. The attackers not only take over the system, but also demand large sums of money to restore access to it. So, balancing the CIA triad is the most significant way to develop the best model. It is not, however, possible everywhere.
In subsequent posts, we'll look at ways to quantify risks and minimize them.