What does it mean in simple terms?
The CIA triad refers to the three main goals of security: Confidentiality, Integrity and Availability. For a security attack to be considered successful, it must compromise at least one (and possibly all) of these three. Let’s dive straight in.
Confidentiality: Keeping information and information systems secure from unauthorized access. This is often achieved using encryption and access controls such as passwords. There are two major types of encryption: Symmetric and Asymmetric. Symmetric encryption uses the same key and algorithm for both encryption and decryption. Asymmetric encryption uses one key for encryption but a different, related key for decryption (the two together are referred to as a key pair). Click here for our article on Encryption made simple.
Integrity: This simply means ensuring a message is unchanged. That is, if data is in transit, it has not changed between the source and destination (intentionally or unintentionally). If data is at rest, it has not been altered by unauthorized subjects (user or process). There are two types of integrity: integrity of data, described above, and integrity of system, which means a system functions as intended.
Integrity of data can be verified using a process called hashing, which produces a fixed-size value called a digest or hash. Recomputing the digest and comparing it with the original shows whether the data has changed.
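As an added example (not code from the article), the Go program below computes a SHA-256 digest of a message and uses it to detect a change, then goes one step beyond the text: because anyone who can alter the data can also recompute a plain hash, it also shows an HMAC, a keyed hash whose valid tag can only be produced with a shared secret. The message strings and the demo key are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the hex-encoded SHA-256 hash of data.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyDigest recomputes the hash and compares it with the published one
// in constant time, so the comparison itself leaks nothing about the digest.
func VerifyDigest(data []byte, expected string) bool {
	return hmac.Equal([]byte(Digest(data)), []byte(expected))
}

// Tag computes HMAC-SHA256 over data under a key shared by sender and receiver.
func Tag(key, data []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyTag recomputes the HMAC and checks it against the received tag.
func VerifyTag(key, data []byte, expected string) bool {
	expectedBytes, err := hex.DecodeString(expected)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return hmac.Equal(mac.Sum(nil), expectedBytes)
}

func main() {
	original := []byte("transfer 100.00 to account 42") // constructed sample
	tampered := []byte("transfer 900.00 to account 42") // constructed sample

	// Unkeyed hash: catches accidental or unexpected modification.
	d := Digest(original)
	fmt.Println("digest:", d)
	fmt.Println("original verifies:", VerifyDigest(original, d))
	fmt.Println("tampered verifies:", VerifyDigest(tampered, d))

	// Keyed hash (HMAC): a modifier without the key cannot forge a matching tag.
	key := []byte("shared-secret-for-demo-only") // assumption: shared out of band
	tag := Tag(key, original)
	fmt.Println("tag verifies on original:", VerifyTag(key, original, tag))
	fmt.Println("tag verifies on tampered:", VerifyTag(key, tampered, tag))
}
```

In practice the digest or tag is carried alongside the data (a checksum file next to a download, a header on a message), and the receiver recomputes it before trusting the content.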
Availability: This simply means a system is responsive when called upon to do what it is meant to. For example, an e-commerce website is always reachable when a user or customer wants to order a good or service. Non-availability of the website would be bad for business: it could push customers to competitors and make the company appear unreliable, which in turn damages the company’s reputation and its revenue. A good example to consider would be Amazon or eBay servers going down or being unreachable for even just a day.
Check out our article on ensuring the availability, integrity and confidentiality of information and information systems.