Confidentiality Integrity Availability
Confidentiality, Integrity and Availability are together known as the CIA triad.
It is a model that guides an organization in designing its security policies.
These three principles are what attacks of varying severity most often target.
Confidentiality
Confidentiality covers the measures taken to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.
If we are a bank and our user wants to access his account via the bank's website, how can we provide confidentiality for his data?
The answer is a user name and password; the user has to keep the password private so that his data remains confidential.
Other confidentiality options include data encryption, sending an OTP, biometric verification or the use of RSA tokens.
Integrity

Integrity involves maintaining the consistency, accuracy,
and trustworthiness of data.
Data must not be changed in transit, and steps must be
taken to ensure that data cannot be altered by unauthorized people.
The use of a checksum is the best example of an integrity check.
A value such as “ADG45SD78L” is calculated by applying an algorithm to the file and is then sent to the recipient along with the file.
On receiving the file, the recipient runs the same algorithm again and compares the output with the sender's value “ADG45SD78L” to verify the integrity of the file.
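The checksum exchange described above, as an added Python example that is not part of the original post. It assumes SHA-256 as the algorithm and goes one step beyond the text by also computing a keyed checksum (HMAC), because a plain checksum that travels with the file can be recomputed by whoever alters the file in transit; the file contents and key are constructed sample values.

```python
import hashlib
import hmac

def checksum(data: bytes) -> str:
    """Sender and recipient both run this: SHA-256 over the file bytes."""
    return hashlib.sha256(data).hexdigest()

def verify_checksum(data: bytes, expected: str) -> bool:
    """Recipient side: recompute and compare with the value the sender sent."""
    return hmac.compare_digest(checksum(data), expected)

def tag(data: bytes, key: bytes) -> str:
    """Keyed checksum (HMAC-SHA256); only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    """Recipient side of the keyed variant, using a constant-time compare."""
    return hmac.compare_digest(tag(data, key), expected)

# Constructed sample data (assumptions, not taken from the post).
ORIGINAL = b"pay 100 to account 1111\n"
TAMPERED = b"pay 900 to account 6666\n"
SHARED_KEY = b"constructed-demo-key"

def demo() -> dict:
    sent_sum = checksum(ORIGINAL)          # sent along with the file
    sent_tag = tag(ORIGINAL, SHARED_KEY)   # keyed variant of the same idea
    # Failure mode: file and checksum are both replaced in transit.
    replaced_sum = checksum(TAMPERED)
    return {
        "intact": verify_checksum(ORIGINAL, sent_sum),
        "file_changed": verify_checksum(TAMPERED, sent_sum),
        "file_and_checksum_changed": verify_checksum(TAMPERED, replaced_sum),
        "hmac_intact": verify_tag(ORIGINAL, SHARED_KEY, sent_tag),
        "hmac_file_changed": verify_tag(TAMPERED, SHARED_KEY, sent_tag),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The plain checksum accepts the altered file once the checksum is replaced too, which is why the checksum should reach the recipient over a separate trusted channel or be keyed.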
Availability
The concept of availability is to make sure that the services of an organization are available.
The data must always be available to legitimate users and not be blocked by any means. It may happen that we provided confidentiality and maintained integrity, but the data itself is not available.
For example, our server may come under a DDoS attack.
A DDoS is a sophisticated attack in which attackers attack as a group, resulting in full utilization of the resources. In such cases, if a legitimate user tries to access the server, he will be shown that the server is down.
We have to take all the necessary actions to make sure the resource or data which we are sharing is always available.
Thank you, friends, for reading the blog post. If you have any questions or suggestions, then please post them in the comment area and subscribe for updates.