What is the CIA Triad?

In the world of computing and the internet, there are different types of cyber threats which arise that can potentially have damaging consequences if you are not protected from them. Depending on who you are and what you do, whether that’s as a business or otherwise, certain threats may hold greater significance than others. 

Within the cybersecurity community, a triad model of threat types is traditionally referred to as defining the threats which can be faced. Known as the CIA model, this includes: 

• Confidentiality 
• Integrity 
• Availability 

There has also, however, been appetite for this model to be developed and some often-cited enhancements include fraud and accountability as additional threat types. The core three, nevertheless, remain as fundamental aspects of information security.  

Confidentiality 

Confidentiality involves preventing the unauthorised disclosure of information, keeping sensitive data secure. Only those with authorised access should be permitted. For an organisation which holds large amounts of client and customer data, this is likely to be one of the most significant threats. Risk assessments are a vital practice in cybersecurity, and an appreciation of which data is most important to be kept confidential can help you identify where security measures should be strongest. Examples of confidentiality threats are encryption cracking and malicious insiders. 

Good practices for confidentiality include:  

• Strong passwords 
• Encryption 
• Assigning different privilege levels 

Integrity 

Integrity, in this context, is maintaining and assuring the completeness, validity and accuracy of data across its lifecycle. This means preventing the unauthorised and undetected modification of the data, at any stage. Threats to integrity may be both unintended and malicious. A company where the risk of integrity threats is higher would be one which its customers rely on to access information securely, such as through the input of passwords. Integrity threats could be in the form of malware infections, but at the same time, could be simply unintentional, such as human error. 

Ways to protect integrity are: 

• Regular backups 
• End-to-end encryption 
• Input validation 

Availability 

In information systems, the information must be available when it is needed. For certain businesses, the maintenance of their core systems is critical to their principal functionality. An example of this could be an online gaming service provider. Therefore, the systems used to store and process the information, the security in place to protect it and the communication channels used for access must be functioning correctly. Examples of availability threats are Distributed Denial of Service (DDOS) attacks and insufficient server capacity. 

To counter against loss of availability you should: 

• Keep all critical systems updated 
• Have a strong firewall and DDOS protection 
• Ensure there is sufficient bandwidth to cope with the traffic 

Conclusion and implementation 

The CIA triad provides the basic building blocks for understanding the threats which can be faced in the cyberworld. They provide a provisional guide to knowing how to protect your most critical assets. The model is likely to be best applied on a case-by-case basis, where one of confidentiality, integrity and availability is more important to your business than the others. For example, if you hold significant amounts of personal data, confidentiality is likely to be your greatest focus.  

Through Securiwiser, you can know where your biggest vulnerabilities lie, which could put your organisation’s confidentiality, integrity and availability at risk. Click here to generate a free vulnerability report.