CIA Triad: Choose one of the areas of the CIA Triad, i.e., Confidentiality, Integrity, or Availability. Describe that area and provide one real-world example of a breach of that area chosen and what c
Confidentiality, integrity and availability (the CIA triad) is a model designed to guide information security policies within an organization (Rouse, 2020). The CIA triad is so foundational to information security that if a system is attacked, or a phishing attack, account hijacking, data leak, or other security incident occurs, one can be certain that one of these three principles has been violated. These principles function as the goals and objectives for every security program (Walkowski, 2019).
Confidentiality is similar to privacy, and it is especially important in today's world for people to protect their sensitive personal information. Confidentiality ensures that unauthorized people do not have access to this private information, whereas authorized people do. Additionally, within a group of authorized users, further measures may be taken to limit which information each of those users can access. Information that only needs to be available to some users does not need to be made available to everyone. Examples of practices that help to ensure confidentiality are the use of account numbers and routing numbers in online banking, data encryption, two-factor authentication, security tokens, biometric verification, etc. Likewise, users can take precautions to minimize the number of places where the information is stored or appears, or store it only on air-gapped computers if the information is very sensitive (Rouse, 2020). Confidentiality can be violated through direct attacks that gain unauthorized access to systems, applications, and databases in order to steal data. However, confidentiality can also be violated unintentionally through human error, carelessness, or inadequate security controls. The countermeasures to protect confidentiality include data classification, data labelling, strong access controls, authentication, encryption, and adequate education and awareness for people who have access to data (Walkowski, 2019).
For example, in October 2013, Adobe reported that hackers had stolen nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts. Later, the company raised the estimate to include IDs and encrypted passwords for 38 million active users, and the hack also exposed customer names, IDs, passwords, and debit and credit card information (Swinhoe, 2020). The countermeasures to address this breach are storing the data in a secure place and using strong multi-factor authentication procedures. It is also important that the company does not expose this customer information in public areas and that it implements adequate security and internal controls. Likewise, the security software installed on the computers needs to be kept up to date.
References
Rouse, M. (2020, April 7). What is the CIA Triad? Retrieved from
https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
Walkowski, D. (2019, July 9). What Is The CIA Triad? Retrieved from
https://www.f5.com/labs/articles/education/what-is-the-cia-triad
Swinhoe, D. (2020, April 17). The 15 biggest data breaches of the 21st century. Retrieved from
https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html