🌵OldMartijntje

The CIA Triad

1 min read

I202512081014 Status: idea Tags: Security

The CIA Triad

This has nothing to do with the CIA, it could also be referenced as the AIC Triad, but it is less remember able.

It is a combination of principles, the fundamentals of security.

Confidentiality

  • Prevent disclosure of information to unauthorized individuals or systems
  • Encode messages so only certain people can read it. (Encryption)
  • Selectively restrict access to a resource. (Access controls)
  • Additional confirmation before information is disclosed (2FA) Integrity
  • Messages can’t be modified without detection
  • Any modification to the data would be identified (data is stored and transferred as intended)
  • Map data of an arbitrary length to data of a fixed length (Hashing)
  • Mathematical scheme to verify the integrity of data (Digital Signatures)
  • Combine with a digital signature to verify individuals (Certificates)
  • Provides proof of integrity, can be asserted as genuine (Non-repudiation) Availability
  • Systems and networks must be up and running
  • Information is accessible to authorized users
  • build services that will always be available (Redundancy)
  • System will continue to run even when a failure occurs (Fault tolerance)
  • Stability (patching)

References

I had to learn about this for School as preparation for the 1st security workshop

Discussion for The CIA Triad

Graph View