Information security foundations, CIA Triad

The C.I.A. triangle has been the industry standard for computer security since the development of the mainframe. It is based on the three characteristics of information that give it value to organizations:


Integrity:-

Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.

Integrity includes data integrity and system integrity.

    Data integrity

        Assures that information and programs are changed only in a specified and authorized manner

    System integrity

        Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Availability:-

Availability refers to the ability to use information or resources. Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.

Availability assures that systems work promptly and that service is not denied to authorized users.

Confidentiality:-

Confidentiality is the concealment of information or resources.

    Data confidentiality

        Protection of data from unauthorized disclosure.

        Authentication is the most basic service for ensuring that a desired permission is properly verified and safe.

    Privacy

        Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Additional concepts:-

Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are as follows:

Authenticity:

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Accountability:

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
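The integrity, authenticity and accountability properties above can be seen together in an activity log whose records are tagged per entity and chained to one another. The following is an added example, not part of the original post; the entity names, keys, actions and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # value of "prev" for the first record

# Constructed sample keys, one per entity (hypothetical; real keys come from a key store).
KEYS = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}


def _canon(obj: dict) -> bytes:  # canonical JSON bytes, stable across runs
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def append(log: list, entity: str, action: str) -> None:
    """Add a record chained to the previous one and tagged with the entity's key."""
    prev = hashlib.sha256(_canon(log[-1])).hexdigest() if log else GENESIS
    body = {"seq": len(log), "entity": entity, "action": action, "prev": prev}
    tag = hmac.new(KEYS[entity], _canon(body), hashlib.sha256).hexdigest()
    log.append(dict(body, tag=tag))


def verify(log: list) -> list:
    """Return (index, problem) findings; an empty list means the log is intact."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(log):
        body = {k: rec.get(k) for k in ("seq", "entity", "action", "prev")}
        if body["seq"] != i or body["prev"] != prev:
            findings.append((i, "chain broken"))  # removed, reordered or edited upstream
        key = KEYS.get(body["entity"])
        want = hmac.new(key or b"", _canon(body), hashlib.sha256).hexdigest()
        if key is None or not hmac.compare_digest(want, str(rec.get("tag"))):
            findings.append((i, "tag does not match entity"))
        prev = hashlib.sha256(_canon(rec)).hexdigest()
    return findings


def demo() -> tuple:
    log = []
    append(log, "alice", "read payroll.csv")
    append(log, "bob", "delete backup-01")
    append(log, "alice", "logout")
    clean = verify(log)
    log[1]["entity"] = "alice"  # constructed tampering: reattribute the deletion
    return clean, verify(log)


if __name__ == "__main__":
    print(demo())
```

Because the verifier holds the same HMAC keys as the entities, this gives traceability and tamper detection but not nonrepudiation in the strict sense; that would need per-entity asymmetric signatures. Removing records from the end of the log is also undetected unless the latest record hash is stored somewhere the log writer cannot change.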
