The CIA triad consists of confidentiality, integrity and availability. These are the three key security objectives of any information system.
- Data that has to remain confidential, such as an employee's private data, the IP address of a computer system, or data related to an organisation, must be secured by computer system security policies.
- Confidentiality is used to prevent the disclosure of information to unauthorized persons or systems.
- For instance, a credit card transaction on the internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system tries to enforce confidentiality by encrypting the card number during transmission, limiting the places where it can appear, and limiting access to those places. If an unauthorized party obtains a card number in any way, privacy is violated.
- Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.
- Data that is important to an employee or to an organisation must have its integrity protected by security policies (the data must remain exactly as the user originally stored it).
- Integrity means that data cannot be modified without authorisation. There are many ways in which integrity can be compromised without malicious intent. For example, a user may type someone's address incorrectly.
- On a large scale, if an automated process is not written and tested correctly, bulk updates in the database can alter the data incorrectly, thereby compromising the integrity of the data.
- Information security professionals are tasked with finding ways to implement controls that prevent integrity errors.
- The availability of important data must be ensured by the computer system security policies, and these policies work continuously to maintain that availability, but the data must be available to authenticated users only.
- Availability is an important part of the CIA triad (confidentiality, integrity and availability). Availability means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
- High-availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.
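The integrity points above describe a bulk update that alters data incorrectly and the need for controls that catch it. The following is an added example, not part of the original page: it tags each row with a keyed digest before the update and reports rows that changed outside the intended set. The table contents, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment keeps it outside the database.
KEY = b"demo-integrity-key"

def tag(record: dict) -> str:
    """Keyed digest (HMAC-SHA256) over a canonical encoding of one record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, canonical, hashlib.sha256).hexdigest()

def snapshot(table: dict) -> dict:
    return {row_id: tag(rec) for row_id, rec in table.items()}

def unexpected_changes(table: dict, baseline: dict, intended_ids: set) -> list:
    """Rows that changed or vanished although the update should not touch them."""
    changed = []
    for row_id, old_tag in baseline.items():
        rec = table.get(row_id)
        same = rec is not None and hmac.compare_digest(tag(rec), old_tag)
        if not same and row_id not in intended_ids:
            changed.append(row_id)
    return sorted(changed)

def buggy_bulk_update(table: dict) -> None:
    """Meant to rewrite only rows with country 'UK'; the filter was forgotten."""
    for rec in table.values():
        rec["country"] = "GB"

def correct_bulk_update(table: dict) -> None:
    for rec in table.values():
        if rec["country"] == "UK":
            rec["country"] = "GB"

def make_table() -> dict:
    # Constructed sample rows: id -> record.
    return {1: {"name": "A. Rao", "country": "UK"}, 2: {"name": "B. Singh", "country": "IN"},
            3: {"name": "C. Lee", "country": "UK"}, 4: {"name": "D. Kim", "country": "KR"}}

def run(update) -> list:
    table = make_table()
    baseline = snapshot(table)                      # taken before the update
    intended = {i for i, r in table.items() if r["country"] == "UK"}
    update(table)
    return unexpected_changes(table, baseline, intended)

if __name__ == "__main__":
    print("correct:", run(correct_bulk_update), "buggy:", run(buggy_bulk_update))
```

Because the digest is keyed, someone who can edit rows but does not hold the key cannot recompute matching tags, so the same check also flags unauthorised modification.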