That which protects the integrity, confidentiality, and availability of information

1.

Information security must protect information throughout the life span of the information, from the initial creation of the information on through to the final disposal of the information. The information must be protected permanently, i.e. either when stored in a file or being just processed or transmitted. Learn more in: Knowledge-Based Support of Medical Work in Home Care

3.

Information security must protect information throughout the life span of the information, from the initial creation of the information on through to the final disposal of the information. The information must be protected permanently, i.e. either when stored in a file or being just processed or transmitted. Learn more in: Knowledge-Based Support of Medical Work in Home Care

7.

The field of information security contains many important elements that influence information security incident management. Information security is the identification of technology assets and targets, the processes of defending or attacking those technology assets and targets, and the social constructs influencing attackers and defenders ( Pieters, 2011 ; Thomas & Dhillon, 2012 ; Vorobiev & Bekmamedova, 2010 ; Vuorinen & Tetri, 2012 ). These elements inform all aspects of information security as a common ontological framework. Learn more in: Turning Weakness into Strength: How to Learn From an IT Security Incident

9.

Information security is the preservation of confidentiality, integrity and availability of information. In accordance to corporate objectives and strategies, as well as stakeholder’s, legal, regulatory, business and standard requirements other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved. Learn more in: An Information Security Model for Implementing the New ISO 27001

25.

Is the process of protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption. This means protecting the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Learn more in: Security of Electronic Medical Records

26.

Policy and strategy of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Learn more in: Managing Compliance with an Information Security Management Standard

42.

Information security (INFOSEC) refers to the protection of information and information systems against unauthorized access and modification of information in storage, processing, or in transit. Learn more in: Secure Access to Biomedical Images

You have probably come across the term “CIA” in the news, movies or other media. When we think about the “CIA”, the first thing that pops up is most likely the US intelligence agency. However, CIA in cyber security has nothing to do with the intelligence agency. 

Instead, CIA in cyber security simply means: Confidentiality, Integrity and Availability. It’s also referred as the CIA Triad.

The CIA Triad is a model that organizations use to evaluate their security capabilities and risk. Addressing security along these three core components provide clear guidance for organizations to develop stronger and more effective security best practices and policies.

CIA Triad Broken Down

Confidentiality in cyber security

When doing business with clients and prospects, it is common to collect and store their personal information. Names, email addresses and phone numbers are a few examples of personal information. This is sensitive data that your company is responsible for protecting and securing. Relying and trusting your cloud or CRM provider is not enough. Your business needs to enforce extra security measures to ensure that your clients and prospects’ privacy is safeguarded.

Protecting confidentiality can start from defining and controlling access levels of information internally and externally. For example, those who work in the IT department that typically don’t interact with clients and prospects, should not have access to client information. If someone does not need a type of information to perform their work, then they should not have access to that information.

When data accessibility is limited, you significantly lower the chances of having information being leaked accidentally or intentionally.

Examples of confidentiality risks include data breaches caused by criminals, insiders inappropriately accessing and/or sharing information, accidental distribution of sensitive information to too wide of an audience.

Integrity in cyber security

Integrity means that data or information in your system is maintained so that it is not modified or deleted by unauthorized parties. This is an important element of data hygiene, reliability and accuracy.

To reserve data integrity, the easiest methods are backing up your data, using access controls, monitoring your audit trail and encrypting your data.

Examples of attacks on integrity include email fraud attacks (which compromise the integrity of communications), financial fraud and embezzlement through modification of financial records, even attacks like Stuxnet that impacted the integrity of industrial control systems data flows to cause physical damage.

Availability in cyber security

The final component of the CIA Triad is availability. It means that systems and data are available to individuals when they need it under any circumstances, including power outages or natural disasters. Without availability, even if you have met the other two requirements of the CIA Triad, your business can be negatively impacted.

To ensure availability, your organization can use redundant networks, servers and applications. These can be programmed to become available when the primary system is broken down. Besides having backups, the design of IT architecture plays a key role as well. For instance, if high availability is a component of your IT systems, then you could maintain a certain level of operational performance for an extended period of time even in unexpected circumstances.

Examples of attacks on availability include Denial of Service attacks, Ransomware (which encrypts system data and files so they are not accessible to legitimate users), even swatting attacks which can interrupt business operations.

Summary

A risk management process grounded in a strong understanding of the CIA Triad forms the basis of a robust security program and data management. When you follow this model and meet its requirements, your organization and clients are better protected. If you combine a risk management framework with regular technical testing and consistent monitoring you can effectively strengthen your security posture and reduce long-term risk exposure.

Enroll your teams in security awareness training to reduce the chance of falling victim to cyber attacks now.

Chat with us anytime if you want to learn more about cybersecurity. 

How to protect confidentiality integrity and availability?

What protects confidentiality and integrity?

Is the protection of the confidentiality integrity and availability of information assets?

What is integrity confidentiality and availability?