A concept used in cybersecurity and information security
"…nothing to do with the agents that introduce crack into the ghettos and send pallets of cash and weapons to terrorists in order to ensure our democracy. No, the CIA Triad is an information security model"
—Mental Outlaw
You are all storing some data, be it family photos, nudie pics, documents, work files or notes. Wherever and however you keep it, you want to make certain you can get to it without interference, or without anyone else can peek at it. Enter the CIA triad. Now prepare to be disappointed. This is not a writeup about shadowy three-letter agencies, spooky black operations intent on getting your naughty swimsuit pics. Rather, it's a fundamental balancing concept in cybersecurity and information security. In this context CIA stands for Confidentiality, Integrity, and Availability, principles that are essential for designing and maintaining secure systems. It bears thinking about whether you maintain your own servers or someone else's.
For those us us storing data, each element is crucial. Obviously we store data with a view to keeping it available to people when needed. Availability means redundancy, failover systems, and regular maintenance to prevent disruptions and ensure access. It's key to ensuring that systems remain operational and reliable. Integrity means that the information is accurate, consistent, and has not been altered or tampered with. This is crucial for trustworthiness and reliability. Whatever you keep, you want to know that data are only visible to those who are authorized to view it, using encryption, access controls, and secure communication. Integrity ensures that information is accurate, consistent, and has not been altered or tampered with. This can mean checksums, hashing, and digital signatures to verify that data has not been changed by bad actors, crucial for trustworthiness and reliability. Confidentiality: This is about ensuring that information is only accessible to those who are authorized to view it. Confidentiality is maintained through measures like End-to-end encryption, access controls, and secure communication channels. It helps protect sensitive data from spying eyes through unauthorised access and breaches.
It applied when people used physical drawers, shoe boxes or under the mattress. But in the modern age of smartphones, data mobility and cloud access, keeping stuff secure and yet still available is highly problematic. It's easy enough to encrypt or hide/obscure files, but that can impede availability. It's a tough balance to meet.
$ xclip -o | wc -w
398