Confidentiality, Integrity, and Availability; the Core Principles of Information Security
Confidentiality, integrity, and availability, also known as the CIA Triad, have long been the three core principles of information security. When setting up a system that contains secure information, it is critical to develop systems around the CIA Triad.
If there is a breakdown in even one of these areas, the information of a person or business can be severely compromised. In this article, we’ll explore why these three pieces of the CIA Triad are so critical to the practice of information security.
Confidentiality
The confidentiality piece of the triad means creating a way to hide secure information from those who are unauthorized to view it. This may include social security numbers, personal information, account numbers, or other secure information. Organizations must establish authority level criteria for individuals who are privy to secure information and create data structures that allow only authorized personnel to view private information.
It is possible that there will need to be several levels of authority that give different users access to different levels of secure information. For example, employees might be given access to customer records and account numbers while being blocked from social security numbers, highly personal information such as health records, and other secure information.
Integrity
Integrity means that those who have access to information do not have the ability to change that information. A person’s private data or a company’s private information can be severely compromised by an employee with free access to change information at will or a hacker who breaks into the system and learns how to overwrite information.
It is essential to create systems so that, even if employees have access to change information, the original information in the file is kept intact and never overwritten. Many companies handle this by creating secure data logs that document the employee’s name and the date of the change as a running log that cannot be edited. Therefore, if the original information ever does need to be accessed, it is apparent what was changed, when it was changed, and by whom.
Availability
The availability piece of the CIA Triad ensures that information is readily accessible to authorized users whenever they must access it. Many information attacks deny authorized users access to information as a way to control or hijack data. While lack of availability may not give hackers access to information, it can prevent authorized users from viewing information.
Creating Secure Information Systems
Information security is not an area in which to cut corners. If you are housing confidential data, it is imperative to bring in an information security consultant to help you develop a plan, or to educate your internal staff on the fundamentals of information security with information security training.
If you have questions regarding the security of your networks or need assistance building a secure information system, please contact us today at 866-219-6031.













