The CIA triad is a security model built on three goals: Confidentiality, Integrity and Availability (it is also called the AIC triad, to avoid confusion with the Central Intelligence Agency).
Confidentiality means that data is available only to the designated individual or party. The goal of keeping data confidential is to prevent unauthorized parties from accessing the information in question.
Measures that improve confidentiality may include:
- Training
  - Handling and disposal of sensitive data
- Control of physical access
  - Keeping private information in locked cabinets
- Controlled access
  - Usernames, passwords and two-factor authentication
- Encryption of data
Integrity is the trustworthiness of data. It prevents unauthorized users from changing data and ensures that the data stays consistent and correct throughout its life cycle. Some situations require integrity even where confidentiality is not a concern: if you download software from the Internet, you want to be sure the installation package has not been tampered with to include harmful code.
Integrity can be ensured and verified in many ways:
- Permissions
- Read-only access
- Checksums
- Digital signatures
- Hashing
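The download scenario above, as an added example that is not part of the original page: it checks files against a sha256sum-style manifest ("<hex digest>  <filename>" per line) the way `sha256sum -c` does, reporting OK, MISMATCH or MISSING per file. The file contents and the manifest are constructed inline so the script runs offline.

```python
"""Verify downloaded files against a sha256sum-style manifest (added example)."""
import hashlib
import hmac
from typing import Dict

# Constructed sample "downloads"; in practice these would be files on disk.
FILES = {
    "installer.bin": b"\x7fELF" + b"\x00" * 60 + b"constructed installer body",
    "README.txt": b"Read me first\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed manifest in the format `sha256sum` writes: "<hex>  <filename>".
# For a real download the manifest must come from the publisher over a trusted channel.
MANIFEST = "\n".join(f"{sha256_hex(d)}  {n}" for n, d in FILES.items()) + "\n"


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse '<hex>  <name>' lines; skip blanks and comments, reject malformed lines."""
    entries: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()  # sha256sum marks binary mode with '*'
    return entries


def verify(files: Dict[str, bytes], manifest: str) -> Dict[str, str]:
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING'}, like `sha256sum -c` output."""
    expected = parse_manifest(manifest)
    results: Dict[str, str] = {}
    for name, digest in expected.items():
        if name not in files:
            results[name] = "MISSING"
            continue
        actual = sha256_hex(files[name])
        # compare_digest avoids leaking where the two hex strings first differ.
        results[name] = "OK" if hmac.compare_digest(actual, digest) else "MISMATCH"
    return results


if __name__ == "__main__":
    print(verify(FILES, MANIFEST))
    modified = dict(FILES, **{"installer.bin": FILES["installer.bin"] + b"\x00"})
    print(verify(modified, MANIFEST))  # installer.bin reported as MISMATCH
```

A matching hash only proves the file equals what the manifest describes, so a manifest served next to the download on the same server gives no assurance against someone who can alter both; that is what the digital signatures in the list above add.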
Availability means making data accessible to authorized users. Data is only useful if it is available when it is needed. A denial-of-service (DoS) attack is a common type of attack that targets the availability of a resource by preventing authorized users from getting the data they need. UCL was recently attacked with ransomware, a form of DoS attack that prevented users from accessing their own files and demanded a ransom.
To ensure data availability, the following measures may be taken:
- Regular backups
- Redundancy
- An off-site data center
- Sufficient communication bandwidth