Understanding the CIA Triad in Cyber Security

Security triad : confidentiality, integrity, and availability (CIA) : Confidentiality ensures that only the intended persons or recipients can access the data. Integrity aims to ensure that the data cannot be altered; moreover, we can detect any alteration if it occurs. Availability aims to ensure that the system or service is available when needed. Authenticity : Authentic means not fraudulent or counterfeit. Authenticity is about ensuring that the document/file/data is from the claimed source. Nonrepudiation : Repudiate means refusing to recognize the validity of something. Nonrepudiation ensures that the original source cannot deny that they are the source of a particular document/file/data. This characteristic is indispensable for various domains, such as shopping, patient diagnosis, and banking. Utility : Utility focuses on the usefulness of the information. For instance, a user might have lost the decryption key to access a laptop with encrypted storage. Although the user still has the laptop with its disk(s) intact, they cannot access them. In other words, although still available, the information is in a form that is not useful, i.e., of no utility. Possession : This security element requires that we protect the information from unauthorized taking, copying, or controlling. For instance, an adversary might take a backup drive, meaning we lose possession of the information as long as they have the drive. Alternatively, the adversary might succeed in encrypting our data using ransomware; this also leads to the loss of possession of the data. The security of a system is attacked through one of several means. It can be via the disclosure of secret data, alteration of data, or destruction of data. Disclosure is the opposite of confidentiality. In other words, disclosure of confidential data would be an attack on confidentiality. Alteration is the opposite of Integrity. For example, the integrity of a cheque is indispensable. Destruction/Denial is the opposite of Availability. The opposite of the CIA Triad would be the DAD Triad: Disclosure, Alteration, and Destruction. #learncyber #cybersecuritytutorial #learncybersecurity