😀 CIA/IAAA

CIA

In security terms, CIA stands for Confidentiality, Integrity and Availability.
These three principles form the cornerstone of any organisation's security infrastructure.

Confidentiality

Confidentiality is covered in its own note: Confidentiality

Integrity

Integrity is about ensuring that data has not been tampered with and can be trusted. It is correct, authentic and reliable.

Integrity can be compromised by methods including:
Deliberately:
- Tampering with intrusion detection systems
- Modifying configuration files
- Changing system logs to evade detection

Unintentionally:
- Through human error
- Lack of care
- Coding errors
- Inadequate policies, procedures, and protection mechanisms

How can integrity be ensured?

- Encryption
- Hashing
- Digital signatures
- Digital certificates
- Intrusion detection systems
- Auditing
- Version control
- Strong authentication mechanisms and access controls

Availability

Availability means that networks, systems and applications are up and running. It ensures authorised users have timely, reliable access to resources when they're needed.
Things that can jeopardise availability include:
- Hardware or software failure
- Power failure
- Natural disasters
- Human error

Example

The most well-known attack that threatens availability is the denial-of-service attack, in which the performance of a system, website or web-based application/service is degraded until the system becomes unreachable.

How can availability be ensured?

- Redundancy (in servers, networks, applications and services)
- Hardware fault tolerance (for servers and storage)
- Regular software patching and system upgrades
- Backups
- Comprehensive disaster recovery plans
- Denial-of-service protection solutions

IAAA

IAAA stands for Identification, Authentication, Authorisation and Accountability.
These are key concepts for understanding identity and access management.

Identification

This is who you are.
Without identifying yourself, you cannot access a system.
Normal methods of identification include:
- Your name
- Username
- ID number

Authentication

After you've identified yourself, you need to prove you are who you say you are. That is authentication.
Authentication methods:
- Something you know (password)
- Something you have (token)
- Something you are (fingerprint)
- Somewhere you are (IP address)
- Something you can do (signature)

Authorisation

Once you have identified yourself and proved it through authentication, the system determines your authorisation before granting you access.
What is authorisation?
- Authorisation determines which part of the system / data you are allowed to access and what actions you are allowed to do with that access. For example, read and write.

Accountability

Once you've been given access to a system and authorised to perform certain tasks, accountability takes place.
What is accountability?
- Being able to trace an action back to an individual
- Prove what someone did, and when they did it: known as non-repudiation
- This is also known as auditing (audit logs)
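Tamper-evident audit logging ties the integrity controls listed earlier (hashing, with HMAC as a keyed variant) to the accountability goal of audit logs that cannot be quietly rewritten. This is an added Python example, not part of the original notes; the key, the record layout and the sample entries are all constructed.

```python
import hashlib
import hmac
import json

# Constructed example: an HMAC-chained audit log. Each record carries a tag
# computed over its own fields and the previous record's tag, so altering,
# deleting or reordering any earlier entry breaks every later tag.
# The key is an assumption for the demo: in practice it is held by a logging
# service or HSM that the users producing the log entries cannot read,
# otherwise a tamperer could simply recompute the tags.
LOG_KEY = b"example-audit-log-key-not-for-production"
GENESIS = "0" * 64  # tag "before" the first entry

def _tag(key: bytes, prev_tag: str, record: dict) -> str:
    payload = prev_tag.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append(log: list, key: bytes, who: str, action: str, when: str) -> dict:
    """Add an accountability record (who did what, and when) linked to the previous one."""
    prev = log[-1]["tag"] if log else GENESIS
    record = {"who": who, "action": action, "when": when}
    entry = {**record, "tag": _tag(key, prev, record)}
    log.append(entry)
    return entry

def verify(log: list, key: bytes) -> int:
    """Return the index of the first entry whose chain tag fails, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry[k] for k in ("who", "action", "when")}
        if not hmac.compare_digest(_tag(key, prev, record), entry["tag"]):
            return i
        prev = entry["tag"]
    return -1

def demo() -> tuple:
    """Build a three-entry log, then show that rewriting an entry is detected."""
    log = []
    append(log, LOG_KEY, "alice", "read report.pdf", "2024-01-01T10:00:00Z")
    append(log, LOG_KEY, "bob", "edit firewall.conf", "2024-01-01T10:05:00Z")
    append(log, LOG_KEY, "alice", "logout", "2024-01-01T10:06:00Z")
    intact = verify(log, LOG_KEY)          # -1: chain is consistent
    # Tampering: entry 1 is rewritten to attribute bob's change to alice.
    log[1]["who"] = "alice"
    return intact, verify(log, LOG_KEY)    # (-1, 1): entry 1 no longer verifies
```

Deleting an entry is caught the same way, because the following entry's tag was computed over the tag of the entry that is now missing.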

Maintaining CIA

Why is it important?

- Maintains compliance with legislation
- Maintains trust with internal and external stakeholders
- Promotes positive brand image
- Avoids security risks and unauthorised access

Lack of CIA

Consequences

Financial
- Regulatory fines
- Refunds/compensation to customers
- Loss of earnings

Legal
- Lawsuits
- Termination of contract

Reputational
- Loss of customers
- Damage to brand