Understanding CIA and Its Universe: A Deep Dive into Information Security

Welcome back! In this blog post, we’ll continue our discussion on the fundamental principles of information security, focusing on the CIA triad—Confidentiality, Integrity, and Availability—and its inverse, DAD (Disclosure, Alteration, and Destruction). We’ll also delve into related concepts such as non-repudiation and privacy, and walk through examples that illustrate each term.

The CIA Triad

Confidentiality

Confidentiality ensures that information is accessible only to those authorized to access it. To illustrate, consider two friends, A and B. If A sends a 100-dollar check to B in an envelope, only B should be able to open and use it. This is the principle of confidentiality. If someone else intercepts and reads the message, confidentiality is breached.

Related Concepts:

  • Sensitivity: The quality of information that makes its disclosure harmful.
  • Criticality: How important the information is to business or government operations.
  • Secrecy: The act of keeping the message secret, typically through encryption.
  • Privacy: Keeping personally identifiable information, such as addresses and medical records, confidential.
  • Seclusion: Storing information in an out-of-the-way location with strict access controls.
  • Isolation: Keeping information separate from other information.

Integrity

Integrity ensures that information is not altered without authorization, for example while in transit. If A sends 100 dollars to B, the amount should not change to 1000 dollars on the way. If the information is altered, the principle of integrity is compromised.

Related Concepts:

  • Accuracy: The message is correct and precise.
  • Truthfulness: The message reflects the true state of affairs.
  • Validity: The message is logically sound and factually correct.
  • Comprehensiveness: The data is complete, with nothing missing.

Availability

Availability ensures that information and resources are accessible to authorized users when needed. If A’s 100-dollar check never reaches B, the principle of availability is compromised.

Definition: Timely and uninterrupted access to objects for authorized subjects.

The DAD Triad

  • Disclosure (inverse of Confidentiality): Unauthorized access to information.
  • Alteration (inverse of Integrity): Unauthorized modification of information.
  • Destruction (inverse of Availability): Information or resources are unavailable or destroyed.

Non-Repudiation and Authentication

Authentication

Authentication verifies the identity of a user. For instance, B needs to ensure that the 100-dollar check is indeed from A. This involves proof of identity: something that identifies the user (the claimed identity) and something that verifies that claim.

Non-Repudiation

Non-repudiation prevents the sender from denying that they sent a message. If A sends a 100-dollar check to B, A cannot later deny sending it. This principle holds the sender accountable for their messages.
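To make integrity, authentication and non-repudiation concrete for the check example above, here is an added Go example (not code from the original post) using the standard library's Ed25519 signatures and HMAC. The `Check` type and the function names are my own choices for the illustration: a signature from A's private key lets B detect the 100 to 1000 alteration and ties the check to A, while an HMAC under a key A shares with B detects alteration but gives no non-repudiation, because B could have produced the same tag.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Check models the check A sends to B in the post's running example.
type Check struct {
	From, To string
	Amount   int
}

// bytes is the canonical encoding that gets signed; the amount is inside it.
func (c Check) bytes() []byte {
	return []byte(fmt.Sprintf("from=%s;to=%s;amount=%d", c.From, c.To, c.Amount))
}

// SignCheck: A commits to the check with a private key that only A holds.
func SignCheck(priv ed25519.PrivateKey, c Check) []byte {
	return ed25519.Sign(priv, c.bytes())
}

// VerifyCheck is B's side: true only if the bytes are unaltered (integrity)
// and the signature was made with A's key (authentication, non-repudiation).
func VerifyCheck(pub ed25519.PublicKey, c Check, sig []byte) bool {
	return ed25519.Verify(pub, c.bytes(), sig)
}

// MACCheck tags the check with a key shared by A and B. It still detects
// alteration, but gives no non-repudiation: B could have produced the tag.
func MACCheck(shared []byte, c Check) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write(c.bytes())
	return m.Sum(nil)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	check := Check{From: "A", To: "B", Amount: 100}
	sig := SignCheck(priv, check)
	altered := Check{From: "A", To: "B", Amount: 1000} // the post's 100 -> 1000 case
	fmt.Println("genuine:", VerifyCheck(pub, check, sig), "altered:", VerifyCheck(pub, altered, sig))
	shared := []byte("demo-key-known-to-A-and-B") // constructed key for the demo
	fmt.Println("B can forge A's MAC:", hmac.Equal(MACCheck(shared, check), MACCheck(shared, check)))
}
```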

Practical Applications and Further Reading

Understanding the CIA triad is crucial for building robust information security frameworks. Here are some references from renowned sources to support the concepts discussed:

  • Books:
      • “Computer Security: Art and Science” by Matt Bishop
      • “Principles of Information Security” by Michael E. Whitman and Herbert J. Mattord
  • Research Papers:
      • “A Survey on Information Security Metrics” by Charalampos Patrikakis, published in IEEE Communications Surveys & Tutorials.
      • “Confidentiality, Integrity, and Availability” by P. Porras, part of the book “Security Engineering: A Guide to Building Dependable Distributed Systems” by Ross Anderson.
  • Articles:
      • “The CIA Triad” by Nicole Sweeney Etter, published on the Infosec Institute website.
      • “Understanding the CIA Triad in Cybersecurity” by Margaret Rouse, available on TechTarget.
  • News:
      • “The Role of Confidentiality, Integrity, and Availability in Cybersecurity” by John Ford, featured in CSO Online.
      • “Recent Cyber Attacks Highlight the Importance of CIA Triad” from The Wall Street Journal.

Conclusion

This post provided a detailed explanation of the CIA and DAD triads, along with related concepts like non-repudiation and authentication. Understanding these principles is essential for anyone involved in information security. We will continue exploring more practical scenarios and advanced topics in upcoming posts.

Best of luck with your exams, and see you in the next video!
