WA1. CIA Triad
Statement
For this assignment, perform the following tasks:
- Expand and explain the CIA triad. How do they support the cybersecurity defenses against cybercriminals? (minimum 100 words)
- Conduct additional research, find an example of when an organization (business) successfully protected its assets against cyber-criminals by properly implementing cybersecurity C.I.A. triad. (minimum 100 words)
- Write one concluding paragraph (100 words minimum) presenting your opinion on why a proper implementation of the C.I.A triad is a core stone for cyber defense.
Task 1
The CIA triad is a conceptual model that describes the three pillars of cybersecurity: Confidentiality, Integrity, and Availability. The model is used as a guide to build security policies within organizations. The three pillars are defined as follows:
- Confidentiality is a set of rules that limits access to information. It is similar to privacy, or preventing unauthorized access to information.
- Integrity is the assurance that the information is trustworthy and accurate, or preventing unauthorized modification of information.
- Availability is a guarantee of reliable access to the information by authorized people, or information is always available to authorized users.
The CIA triad supports cybersecurity defenses against cybercriminals by providing a framework that security professionals can build their strategies and plan their actions around. The literature on the CIA triad also suggests some common procedures that can be followed to strengthen each side of the triad. For example, we can use encryption, username/password, and two-factor authentication to increase confidentiality; hashing, checksums, and digital signatures to increase integrity; and backups, redundancy, and disaster recovery to increase availability (Chai, 2021).
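The following sketch is an added example, not part of the original essay. It applies one control per pillar to a constructed balance store: password authentication for confidentiality, an HMAC tag for integrity, and replica fallback for availability. All class, function, and variable names are hypothetical.

```python
import hashlib, hmac, os

# Constructed illustration: every name and value here is hypothetical.
KEY = os.urandom(32)  # server-side key for integrity tags

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def tag(record):
    return hmac.new(KEY, record, hashlib.sha256).digest()

class Replica:
    def __init__(self):
        self.up, self.rows = True, {}
    def put(self, user, record):
        self.rows[user] = (record, tag(record))  # store record with its HMAC
    def get(self, user):
        if not self.up:
            raise ConnectionError("replica down")
        return self.rows[user]

class BalanceStore:
    def __init__(self, copies=2):
        self.replicas = [Replica() for _ in range(copies)]  # redundancy
        self.creds = {}
    def register(self, user, password, balance):
        salt = os.urandom(16)
        self.creds[user] = (salt, pw_hash(password, salt))
        for r in self.replicas:
            r.put(user, f"{user}:{balance}".encode())
    def read_balance(self, user, password):
        # Confidentiality: only the authenticated owner may read.
        if user not in self.creds:
            raise PermissionError("authentication failed")
        salt, stored = self.creds[user]
        if not hmac.compare_digest(stored, pw_hash(password, salt)):
            raise PermissionError("authentication failed")
        for r in self.replicas:
            try:  # Availability: skip replicas that are down.
                record, t = r.get(user)
            except ConnectionError:
                continue
            # Integrity: accept only a record whose tag still verifies.
            if hmac.compare_digest(t, tag(record)):
                return int(record.rsplit(b":", 1)[1])
        raise RuntimeError("no reachable, intact copy")
```

A record altered on one replica without the key fails its tag check, so the read is served from the next intact copy rather than returning the modified value.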
Task 2
As we explained in the previous task, the CIA triad is a general framework that has a wide range of interpretations and implementations, and the extent to which an organization follows it depends on the organization, the local laws, and the sensitivity of the information it holds (Chai, 2021).
According to Fortinet (n.d.), the CIA triad has been widely used since 1988, and since all security professionals are aware of it, the success of the CIA triad can be seen in almost every day-to-day interaction with the internet.
Our bank applications implement the CIA triad; thus we cannot access other users' accounts and buy things at their expense (confidentiality); we can always check our balance and transactions (availability); and we can use our bank to buy things online (integrity, only we can modify our balance).
Another example is the Moodle application: I cannot access other students’ grades or other private information (confidentiality); I can always access my courses, grades, and post assignments (availability); and I cannot impersonate my professor and change my grades (integrity).
Task 3
As we explained in the previous tasks, the CIA triad is a general framework and set of guidelines, and how closely an organization should follow it depends on many factors, starting from the organization's size, business model, and the sensitivity of the information it holds. Nonetheless, the fundamentals of the CIA triad must be followed at all costs and in every organization.
When developing a system, you need a security policy that governs how the components of the system interact with each other and with the outside world. Such a policy, if built around the CIA triad, will ensure that the system is secure and reliable. For example, increasing confidentiality will increase integrity, as fewer people can view information to modify it.
References
- Chai, W. (2021, January). Confidentiality, integrity and availability (CIA triad). TechTarget. https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
- Fortinet (n.d.). What is the CIA Triad? Fortinet. https://www.fortinet.com/resources/cyberglossary/cia-triad