Information security policies are developed using the CIA Triad model, a well-known and venerable framework that identifies problem areas and recommends solutions. The CIA triad is so central to information security that, whenever there is a data breach, a system attack, a user taking phishing bait, an account being hijacked, a website being maliciously taken down, or any number of other security incidents, you can be confident that one or more of these principles has been violated.
CIA stands for Confidentiality, Integrity, and Availability. It is a very important information security model.
Confidentiality:
=============
Data leaks are on the rise, and large amounts of data have already been exposed, so we need to secure our data from cyber attackers by fixing vulnerabilities on many platforms, such as websites, mobile applications, and cloud servers.
Information confidentiality depends on defining and enforcing access levels. Some companies do this by separating information into various collections that are organized by who needs access to the information and how sensitive it is, that is, the amount of damage suffered if confidentiality is breached.
Integrity:
========
Integrity is the quality of being whole or complete. Integrity in InfoSec refers to the verification that data has not been tampered with and, thus, can be trusted. It is correct, authentic, and reliable.
Integrity involves protecting data in use, in transit (such as when sending an email or uploading or downloading a file), and when it is stored, whether on a laptop, on a portable storage device, in the data center, or in the cloud.
As a fundamental element of the CIA Triad, integrity ensures that data is protected from deletion or modification by an unauthorized party, and that when an authorized person makes a change that should not have been made, the damage can be reversed.
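An added example (not from the original article) of the two integrity properties described above: detecting modification made outside the authorized path, and reversing a mistaken change made by an authorized user. The `VersionedRecord` class, the key, and the sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: a real key comes from a secrets store
GENESIS = b"\x00" * 32         # tag that precedes the first version


def _tag(prev_tag, author, content):
    """HMAC-SHA256 over previous tag, author and content, chaining versions."""
    msg = prev_tag + author.encode() + b"\x00" + content  # NUL separates fields
    return hmac.new(KEY, msg, hashlib.sha256).digest()


class VersionedRecord:
    """Hypothetical append-only history for one piece of data."""
    def __init__(self, author, content):
        self.history = []
        self.write(author, content)

    def write(self, author, content):
        prev = self.history[-1]["tag"] if self.history else GENESIS
        self.history.append({"author": author, "content": content,
                             "tag": _tag(prev, author, content)})

    def current(self):
        return self.history[-1]["content"]

    def first_tampered(self):
        """Index of the first version whose tag fails to verify, else None."""
        prev = GENESIS
        for i, v in enumerate(self.history):
            if not hmac.compare_digest(v["tag"], _tag(prev, v["author"], v["content"])):
                return i
            prev = v["tag"]
        return None

    def revert(self, author):
        """Undo the latest change by appending the previous content again."""
        if len(self.history) < 2:
            raise ValueError("nothing to revert")
        self.write(author, self.history[-2]["content"])


def demo():
    rec = VersionedRecord("alice", b"balance=100")   # constructed sample data
    rec.write("bob", b"balance=1")                   # authorized but mistaken
    rec.revert("alice")                              # reversed, history kept
    intact = rec.first_tampered()                    # None: chain verifies
    rec.history[1]["content"] = b"balance=999"       # out-of-band modification
    return rec.current(), intact, rec.first_tampered()
```

Because the revert is itself a new version, the mistaken change stays in the history for audit while the current value is restored.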
Availability:
==========
Availability is the final component of the CIA Triad and refers to the actual availability of your data. All authentication mechanisms, access channels, and systems must function properly to protect the information and ensure it is available when needed.
A high availability (HA) system is a computing resource with an architecture that is specifically designed to improve availability. Depending on the HA system design, it may monitor hardware failures, upgrades, or power outages to help improve availability, or it may manage several network connections to route around various network outages.
Data, systems, and applications are of little value to an organization and its customers if they are not accessible when authorized users need them. Availability means that networks, systems, and applications are available. Access to resources is timely and reliable when it is needed by authorized users.
HOW TO APPLY CIA:
================
Depending on an organization's security goals, the industry, the nature of the business, and any relevant regulatory requirements, one of these three principles may take priority over another. A key point to understand about the CIA triad is that prioritizing one or more principles can mean a tradeoff of the others. For example, a system that requires high confidentiality and integrity may sacrifice the lightning-speed performance that other systems (such as eCommerce) may value more highly.
-By Abhishek Joshi CyberBugs