You might have heard of the CIA…no I’m not talking about the Central Intelligence Agency.  CIA when it comes to cybersecurity refers to Confidentiality, Integrity, and Availability.

Confidentiality

In a nutshell, this means that you want to keep your critical data from leaving your network and being shared with anyone else.  This leg of the CIA triad is very important because without it, nothing on your network could be kept secret.  The goal of confidentiality is to ensure that data is accessible only to those that have the right to access it and no one else.

Integrity

Integrity means that the data is whole and not changed (or deleted).  Securing the integrity of the data means that only those with the correct permissions can edit, modify, or delete the data.  Obviously, the best way to ensure data integrity is to lock it down from everyone, but that creates another problem…which leads to our final point…

Availability

Data needs to be available so that people can access it and use it.  A webserver that is not plugged into a network is indeed very secure, but would not be able to be accessed from the internet, thus rendering it useless.  Ensuring the availability of data means it is accessible to everyone that should be able to access it.

 

I’ll now give a few examples of how this all ties together.  Let’s say a hacker performs a Denial of Service attack on a website and causes it to go down.  The hacker has impacted the Availability of the site, but unless he actually accessed the server on administrative level, the integrity and confidentiality of the data will remain.

If this same hacker managed to access the server and delete all the data on it before taking it down, he would have impacted all three legs of the triad.  The data is no longer confidential (because he saw it), and the integrity is lost (he deleted it), and the availability is also lost (no one can access the site).