Which Of The Following Ensures That Data Is Accessible When Needed To Authorized Users

Confidentiality, integrity and availability, besides known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to equally the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Key Intelligence Bureau. Although elements of the triad are three of the most foundational and crucial cybersecurity needs, experts believe the CIA triad needs an upgrade to stay effective.

In this context, confidentiality is a gear up of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.

Confidentiality, integrity, availability

The following is a breakdown of the iii key concepts that grade the CIA triad:

Confidentiality is roughly equivalent to privacy. Confidentiality measures are designed to forbid sensitive information from unauthorized admission attempts. Information technology is common for data to be categorized according to the corporeality and type of damage that could be done if information technology fell into the wrong hands. More or less stringent measures tin can then be implemented co-ordinate to those categories.
Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its unabridged lifecycle. Information must non be changed in transit, and steps must exist taken to ensure information cannot be contradistinct by unauthorized people (for example, in a breach of confidentiality).
Availability ways information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that concur and brandish the information.

diagram of CIA triad — The three CIA triad principles

Why the CIA triad is of import

With each letter representing a foundational principle in cybersecurity, the importance of the CIA triad security model speaks for itself. Confidentiality, integrity and availability together are considered the 3 most important concepts within information security.

Considering these 3 principles together within the framework of the "triad" can aid guide the development of security policies for organizations. When evaluating needs and utilize cases for potential new products and technologies, the triad helps organizations ask focused questions almost how value is being provided in those three key areas.

Thinking of the CIA triad'due south three concepts together as an interconnected system, rather than every bit independent concepts, can help organizations sympathise the relationships between the three.

Examples of the CIA triad

Here are examples of the various management practices and technologies that contain the CIA triad. While many CIA triad cybersecurity strategies implement these technologies and practices, this list is by no ways exhaustive.

Confidentiality

Sometimes safeguarding information confidentiality involves special training for those privy to sensitive documents. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training may include strong passwords and password-related best practices and information well-nigh social engineering methods to forestall users from angle information-handling rules with practiced intentions and potentially disastrous results.

A adept example of methods used to ensure confidentiality is requiring an account number or routing number when banking online. Information encryption is another common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication (2FA) is becoming the norm. Other options include Biometric verification and security tokens, cardinal fobs or soft tokens. In add-on, users can accept precautions to minimize the number of places where data appears and the number of times information technology is actually transmitted to consummate a required transaction. Extra measures might be taken in the case of extremely sensitive documents, such as storing only on air-gapped computers, asunder storage devices or, for highly sensitive data, in hard-copy form simply.

Integrity

These measures include file permissions and user admission controls. Version control may exist used to prevent erroneous changes or accidental deletion past authorized users from condign a problem. In improver, organizations must put in some means to detect any changes in data that might occur as a result of not-human-caused events such equally an electromagnetic pulse (EMP) or server crash.

Information might include checksums, fifty-fifty cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore the affected data to its right country. Furthermore, digital signatures can exist used to provide constructive nonrepudiation measures, meaning evidence of logins, messages sent, electronic certificate viewing and sending cannot be denied.

Availability

This is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a properly functioning operating system (OS) environment that is gratuitous of software conflicts. Information technology's also of import to keep current with all necessary arrangement upgrades. Providing adequate advice bandwidth and preventing the occurrence of bottlenecks are equally important tactics. Back-up, failover, RAID -- even high-availability clusters -- can mitigate serious consequences when hardware issues practice occur.

Fast and adaptive disaster recovery is essential for the worst-case scenarios; that capacity relies on the beingness of a comprehensive DR programme. Safeguards against data loss or interruptions in connections must include unpredictable events such equally natural disasters and fire. To preclude data loss from such occurrences, a backup copy may be stored in a geographically isolated location, maybe even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers tin guard against reanimation and unreachable data blocked past malicious denial-of-service (DoS) attacks and network intrusions.

Special challenges for the CIA triad

Large data poses challenges to the CIA image because of the sheer book of information that organizations demand safeguarded, the multiplicity of sources that information comes from and the diverseness of formats in which it exists. Duplicate data sets and disaster recovery plans can multiply the already-high costs. Furthermore, because the master business organisation of big data is collecting and making some kind of useful interpretation of all this information, responsible data oversight is oftentimes lacking. Whistleblower Edward Snowden brought that problem to the public forum when he reported on the National Security Agency's collection of massive volumes of American citizens' personal information.

Internet of things privacy protects the information of individuals from exposure in an IoT environment. Almost whatsoever physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the internet or a similar network. The information transmitted past a given endpoint might non cause any privacy bug on its own. However, when even fragmented data from multiple endpoints is gathered, collated and analyzed, it tin can yield sensitive information.

Cyberspace of things security is also challenging because IoT consists of so many net-enabled devices other than computers, which often become unpatched and are often configured with default or weak passwords. Unless adequately protected, IoT could be used as a separate attack vector or part of a thingbot.

As more and more products are developed with the chapters to exist networked, information technology's of import to routinely consider security in product development.

Best practices for implementing the CIA triad

In implementing the CIA triad, an system should follow a full general set of best practices. Some best practices, divided past each of the three subjects, include:

Confidentiality

Data should be handled based on the organization's required privacy.
Data should be encrypted using 2FA.
Go along access command lists and other file permissions up to appointment.

Integrity

Ensure employees are knowledgeable about compliance and regulatory requirements to minimize homo error.
Use backup and recovery software.
To ensure integrity, use version control, access control, security control, data logs and checksums.

Availability

Apply preventive measures such as redundancy, failover and RAID. Ensure systems and applications stay updated.
Use network or server monitoring systems.
Ensure a data recovery and business continuity (BC) plan is in identify in case of data loss.

History of the CIA triad

The concept of the CIA triad formed over time and does not have a single creator. Confidentiality may have first been proposed as early on as 1976 in a report past the U.S. Air Force. As well, the concept of integrity was explored in a 1987 newspaper titled "A Comparison of Commercial and War machine Reckoner Security Policies" written by David Clark and David Wilson. The paper recognized that commercial computing had a need for accounting records and data correctness. Even though it is not as piece of cake to find an initial source, the concept of availability became more widespread ane year later in 1988.

By 1998, people saw the three concepts together as the CIA triad.