first to do
confidentiality; authorized users,encryption, IPSec, multifactor authentication
second to do
integrity; data not tampered,hashing
third to do;
availability; access to data by only authorized, fault-tolerant disk
- Confidentiality
Confidentiality refers to an organization’s efforts to keep their data private or secret.
Typically, this involves ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.
Confidentiality can be violated in many ways, for example, through direct attacks designed to gain unauthorized access to systems, applications, and databases in order to steal or tamper with data
Network reconnaissance and other types of scans, electronic eavesdropping (via a man-in-the-middle attack), and escalation of system privileges by an attacker are just a few examples.
But confidentiality can also be violated unintentionally through human error, carelessness, or inadequate security controls. Examples include failure (by users or IT security) to adequately protect passwords; sharing of user accounts; physical eavesdropping (also known as shoulder surfing)
failure to encrypt data (in process, in transit, and when stored); poor, weak, or nonexistent authentication systems; and theft of physical equipment and storage devices.
Countermeasures to protect confidentiality include data classification and labeling; strong access controls and authentication mechanisms; encryption of data in process, in transit, and in storage; steganography; remote wipe capabilities; and adequate education and training for all individuals with access to data
Integrity
integrity refers to the quality of something being whole or complete
In InfoSec, integrity is about ensuring that data has not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable
Ensuring integrity involves protecting data in use, in transit (such as when sending an email or uploading or downloading a file), and when it is stored, whether on a laptop, a portable storage device, in the data center, or in the cloud
integrity can be compromised directly via an attack vector (such as tampering with intrusion detection systems, modifying configuration files, or changing system logs to evade detection) or unintentionally, through human error, lack of care, coding errors, or inadequate policies, procedures, and protection mechanisms
Countermeasures that protect data integrity include encryption, hashing, digital signatures, digital certificatesTrusted certificate authorities (CAs) issue digital certificates to organizations to verify their identity to website users, similar to the way a passport or driver’s license can be used to verify an individual's identity. , intrusion detection systems, auditing, version control, and strong authentication mechanisms and access controls
Note that integrity goes hand in hand with the concept of non-repudiation: the inability to deny something. By using digital signatures in email, for example, a sender cannot deny having sent a message, and the recipient cannot claim the message received was different from the one sent. Non-repudiation assists in ensuring integrity.
Availability
Quite simply, availability means that networks, systems, and applications are up and running. It ensures that authorized users have timely, reliable access to resources when they are needed
Many things can jeopardize availability, including hardware or software failure, power failure, natural disasters, and human error.
Perhaps the most well-known attack that threatens availability is the denial-of-service attack, in which the performance of a system, website, web-based application, or web-based service is intentionally and maliciously degraded, or the system becomes completely unreachable.
Countermeasures to help ensure availability include redundancy (in servers, networks, applications, and services), hardware fault tolerance (for servers and storage), regular software patching and system upgrades, backups, comprehensive disaster recovery plans, and denial-of-service protection solutions.
A key concept to understand about the CIA triad is that prioritizing one or more principles can mean the tradeoff of others.
For example, a system that requires high confidentiality and integrity might sacrifice lightning-speed performance that other systems (such as ecommerce) might value more highly
https://www.f5.com/labs/articles/education/what-is-the-cia-triad
- Confidentiality
Protecting confidentiality is dependent on being able to define and enforce certain access levels for information
In some cases, doing this involves separating information into various collections that are organized by who needs access to the information and how sensitive that information actually is - i.e. the amount of damage suffered if the confidentiality was breached.
Some of the most common means used to manage confidentiality include access control lists, volume and file encryption, and Unix file permissions.
Integrity
designed to protect data from deletion or modification from any unauthorized party
Availability
Authentication mechanisms, access channels and systems all have to work properly for the information they protect and ensure it's available when it is needed
High availability systems are the computing resources that have architectures that are specifically designed to improve availability. Based on the specific HA system design, this may target hardware failures, upgrades or power outages to help improve availability, or it may manage several network connections to route around various network outages.
https://www.forcepoint.com/cyber-edu/cia-triad
- The CIA triad is a common model that forms the basis for the development of security systems.
They are used for finding vulnerabilities and methods for creating solutions.
it helps guide security teams as they pinpoint the different ways in which they can address each concern
Confidentiality
Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be controlled to prevent the unauthorized sharing of data—whether intentional or accidental
A key component of maintaining confidentiality is making sure that people without proper authorization are prevented from accessing assets important to your business.
Conversely, an effective system also ensures that those who need to have access have the necessary privileges.
those who work with an organization’s finances should be able to access the spreadsheets, bank accounts, and other information related to the flow of money. However, the vast majority of other employees—and perhaps even certain executives—may not be granted access. To ensure these policies are followed, stringent restrictions have to be in place to limit who can see what.
This may involve direct attacks aimed at gaining access to systems the attacker does not have the rights to see. It can also involve an attacker making a direct attempt to infiltrate an application or database so they can take data or alter it.
techniques such as man-in-the-middle (MITM) attacks, where an attacker positions themselves in the stream of information to intercept data and then either steal or alter it. Some attackers engage in other types of network spying to gain access to credentials. In some cases, the attacker will try to gain more system privileges to obtain the next level of clearance
Human error or insufficient security controls may be to blame as well. For example, someone may fail to protect their password—either to a workstation or to log in to a restricted area. Users may share their credentials with someone else, or they may allow someone to see their login while they enter it.
In other situations, a user may not properly encrypt a communication, allowing an attacker to intercept their information. Also, a thief may steal hardware, whether an entire computer or a device used in the login process and use it to access confidential information.
you can classify and label restricted data, enable access control policies, encrypt data, and use multi-factor authentication (MFA) systems. It is also advisable to ensure that all in the organization have the training and knowledge they need to recognize the dangers and avoid them
Integrity
Integrity involves making sure your data is trustworthy and free from tampering.
An attacker may bypass an intrusion detection system (IDS), change file configurations to allow unauthorized access, or alter the logs kept by the system to hide the attack.
if the company’s security policies, protections, and procedures are inadequate, integrity can be violated without any one person in the organization accountable for the blame
To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. For websites, you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website so visitors know they are getting the site they intended to visit
A method for verifying integrity is non-repudiation, which refers to when something cannot be repudiated or denied. For example, if employees in your company use digital signatures when sending emails, the fact that the email came from them cannot be denied. Also, the recipient cannot deny that they received the email from the sender.
Availability
Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in the organization and the customers they serve.
individuals with access to specific information must be able to consume it when they need to
for example, there is a power outage and there is no disaster recovery system in place to help users regain access to critical systems, availability will be compromised. Also, a natural disaster like a flood or even a severe snowstorm may prevent users from getting to the office, which can interrupt the availability of their workstations and other devices that provide business-critical information or applications.
Availability can also be compromised through deliberate acts of sabotage, such as the use of denial-of-service (DoS) attacks or ransomware.
To ensure availability, organizations can use redundant networks, servers, and applications
You can also enhance availability by staying on top of upgrades to software packages and security systems.
Backups and full disaster recovery plans also help a company regain availability soon after a negative even
The CIA triad provides a simple yet comprehensive high-level checklist for the evaluation of your security procedures and tools
An effective system satisfies all three components: confidentiality, integrity, and availability. An information security system that is lacking in one of the three aspects of the CIA triad is insufficient.
The CIA security triad is also valuable in assessing what went wrong—and what worked—after a negative incident. For example, perhaps availability was compromised after a malware attack such as ransomware, but the systems in place were still able to maintain the confidentiality of important information.
However, it is particularly helpful when developing systems around data classification and managing permissions and access privileges.
You should also stringently employ the CIA triad when addressing the cyber vulnerabilities of your organization.
It can be a powerful tool in disrupting the Cyber Kill Chain, which refers to the process of targeting and executing a cyberattack
The CIA security triad can help you hone in on what attackers may be after and then implement policies and tools to adequately protect those assets.
You can use hypothetical scenarios or real-life case studies to help employees think in terms of the maintenance of confidentiality, integrity, and availability of information and systems
https://www.fortinet.com/resources/cyberglossary/cia-triad#:~:text=The%20three%20letters%20in%20%22CIA,and%20methods%20for%20creating%20solutions.
- Confidentiality. A system’s ability to ensure that only the correct, authorized user/system/resource can view, access, change, or otherwise use data.
No comments:
Post a Comment