I202512081014 Status: idea Tags: Security

The CIA Triad

This has nothing to do with the CIA. It can also be referred to as the AIC Triad, but that name is less memorable.

It is a combination of principles, the fundamentals of security.

Confidentiality

  • Prevent disclosure of information to unauthorized individuals or systems
  • Encode messages so only certain people can read them. (Encryption)
  • Selectively restrict access to a resource. (Access controls)
  • Additional confirmation before information is disclosed (2FA)

Integrity

  • Messages can’t be modified without detection
  • Any modification to the data would be identified (data is stored and transferred as intended)
  • Map data of an arbitrary length to data of a fixed length (Hashing)
  • Mathematical scheme to verify the integrity of data (Digital Signatures)
  • Combine with a digital signature to verify individuals (Certificates)
  • Provides proof of integrity, can be asserted as genuine (Non-repudiation)

Availability

  • Systems and networks must be up and running

References

I had to learn about this for school as preparation for the 1st security workshop.