
Just a Glimpse on CIA Triad

  • Writer: Vishakh Rameshan
  • Jan 16, 2021

The first time anyone hears "CIA", the famous Hollywood movies come to mind, where the hero is an ex-CIA or rogue CIA (Central Intelligence Agency) agent. That is not what I am trying to explain here. People working at an IT company, or students who have opted for or mastered in Computer Science or Information Security, will definitely have heard this term. This post is for those who are still thinking of Hollywood movies.


CIA stands for Confidentiality, Integrity and Availability, the three properties expected of any application/product/website that deals with data (personally identifiable information, payment information, documents, medical health reports etc.).


Let's dive into each at a very high level, to keep this post as simple as possible.


  • Confidentiality - ensures privacy and protection of sensitive data at rest and in transit. There should be mechanisms in place to protect the data and disclose it only to authorized users. This can be achieved with different approaches, tools, technologies and frameworks. Some of the common and well-known approaches are encryption (symmetric or asymmetric), cryptography, steganography, encoding, hashing, salting, tokenization, authentication and authorization (OAuth 2.0, SAML, JWT).

  • Integrity - refers to the measures taken so that confidential data is not tampered with (altered or modified) by an unauthorized person in any way. This can be achieved with techniques like hashing, digital signatures, encryption etc.

  • Availability - means that the service (application/product) is always available to authorized users when they need it. This is a generic term that is not restricted to security, as every application/product exposed for others to consume must be highly available based on demand. There is a lot of talk about HA architecture, from monolith to microservices and from a single node to a cluster of nodes.
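
An added example (not from the original post) for the Integrity point above: a plain hash stored next to the data only catches accidental changes, because whoever alters the record can recompute it, while a keyed hash (HMAC) cannot be recomputed without the secret. The key, the record and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a key held only by the service, and a record to protect.
SERVER_KEY = b"constructed-demo-key-not-for-production"
RECORD = {"patient_id": 1042, "report": "blood panel normal"}


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone able to edit the record can also recompute this."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_plain(record: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(record), digest)


def verify_keyed(record: dict, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(keyed_tag(record, key), tag)


def demo() -> dict:
    tag = keyed_tag(RECORD, SERVER_KEY)
    # An unauthorized edit by someone with write access to storage but no key:
    # the record changes and the stored plain digest is replaced alongside it.
    altered = dict(RECORD, report="blood panel abnormal")
    replaced_digest = plain_digest(altered)
    return {
        "plain_hash_detects_edit": not verify_plain(altered, replaced_digest),
        "hmac_detects_edit": not verify_keyed(altered, tag, SERVER_KEY),
        "hmac_rejects_unkeyed_digest": not verify_keyed(altered, replaced_digest, SERVER_KEY),
        "hmac_accepts_original": verify_keyed(RECORD, tag, SERVER_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```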


Now you may be thinking: with all this explained, why is knowing the CIA Triad so important?


The reason is that in the current world, which runs on technology, data breaches are common and increasing. So, having the CIA triad as a best practice while designing a new product, developing an ongoing product or maintaining an existing product is crucial.
