A cornerstone of cybersecurity is the CIA triad. In cybersecurity, CIA stands for Confidentiality, Integrity, and Availability. Here’s a look at each one and why it matters.
To preserve confidentiality, data must not be accessible to any party other than those authorized to access it. This seems simple enough, yet many businesses have found themselves in trouble for selling their customers’ contact information. Breaches of financial data confidentiality bring legal headaches and fines that have run into the hundreds of millions. InfoWatch has a great infographic on this if you want to dive a little deeper. Penalties follow a confidentiality failure because, ultimately, a breach of trust has taken place. As customers of a website, we expect that our data will be kept private, and when we are engaged in commerce or medical interactions that expectation is heightened.
Integrity refers to the state or condition of the data. If data has been altered or deleted, whether by a system glitch or by an unauthorized user, its integrity has been compromised. Integrity and correctness are not the same condition: an authorized user may make a legitimate change that introduces an error, and in that case the data’s integrity is still intact even though the data is inaccurate. For a simple example of a violation of data integrity, think back to the game of telephone. A group of kids sits in a circle. One of them starts the game by whispering a message into the ear of the next kid. The second kid repeats the message to the third, and so on until the message gets back to the originator. The last person to receive the message announces out loud what they heard, and the originator tells everyone what the actual message was and whether it matches the final message. The integrity of the message may be lost as it travels from person to person, sometimes because it was misheard and other times because it was intentionally changed. While this example is trivial, it is not difficult to imagine one that isn’t.
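The telephone game maps directly onto how integrity is checked in practice. The following is an added example, not code from the original post: the originator attaches an HMAC-SHA256 tag to the message, the message passes through a chain of relays (some honest, one that mishears, one that tampers on purpose), and the final recipient verifies the tag. The shared key, the message text, and the three relay behaviours are all constructed for the example. It also shows the integrity-versus-correctness distinction: a wrong message sent by the authorized originator still verifies, because integrity only says the data was not changed along the way.

```python
import hashlib
import hmac

# Shared secret between the originator and the final recipient (constructed
# for this example; in practice it is provisioned out of band). A keyed tag
# is used rather than a plain hash because any relay could recompute a plain
# hash over a modified message; only key holders can produce a valid HMAC.
KEY = b"example-shared-secret"


def tag(message: bytes, key: bytes = KEY) -> str:
    """Return the HMAC-SHA256 tag the originator attaches to the message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(message: bytes, received_tag: str, key: bytes = KEY) -> bool:
    """Constant-time check that the message still matches its tag."""
    return hmac.compare_digest(tag(message, key), received_tag)


def relay(message: bytes, hops: list) -> bytes:
    """Pass the message through each hop in turn, like the circle of kids."""
    for hop in hops:
        message = hop(message)
    return message


# Relay behaviours (constructed): an honest kid repeats the message
# unchanged, one mishears a word, and one changes it on purpose.
def honest(message: bytes) -> bytes:
    return message


def misheard(message: bytes) -> bytes:
    return message.replace(b"seven", b"eleven")


def malicious(message: bytes) -> bytes:
    return message.replace(b"meet at", b"do not meet at")


def play(original: bytes, hops: list) -> tuple:
    """Run one round of the game.

    Returns (final_message, integrity_intact). The tag is computed by the
    originator before the message leaves and checked by the last recipient,
    so any change made by an intermediate hop is detected.
    """
    original_tag = tag(original)
    final = relay(original, hops)
    return final, verify(final, original_tag)


if __name__ == "__main__":
    print(play(b"meet at seven", [honest, honest, honest]))
    print(play(b"meet at seven", [honest, misheard, honest]))
    print(play(b"meet at seven", [honest, malicious, honest]))
    # The originator got the time wrong, but nobody altered the message:
    # integrity is intact even though the content is incorrect.
    print(play(b"meet at nine", [honest, honest]))
```

Note what the check can and cannot tell the recipient: a failed verification says the message was changed in transit, but it does not distinguish an honest mishearing from deliberate tampering, and a successful verification says nothing about whether the originator’s message was right in the first place.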
Availability is self-evident: we expect to be able to access our data at any time of day, every day of the year. That is the principle of availability. It becomes an issue when normal operations are interrupted for any reason other than planned system maintenance. For example, when a denial-of-service (DoS) attack takes place, we cannot access the affected system and its data for the duration of the attack. Many DoS and distributed denial-of-service (DDoS) attacks are launched for the express purpose of preventing a site or a service from functioning. For businesses this means lost sales: TechInsurance estimated that sales losses to small businesses from DoS attacks run “between $8,000 to $74,000 for every hour of downtime.”
All three elements of the CIA triad must be upheld before online data can be trusted.