Understanding the CIA Triad in IT Security

May 30, 2025

Lecture Notes: The CIA Triad in IT Security

Introduction

  • CIA Triad: An acronym used for the fundamentals of IT security.
    • Sometimes called the AIC Triad to avoid confusion with the Central Intelligence Agency.
  • Components: Confidentiality, Integrity, Availability.

Confidentiality

  • Definition: Prevent unauthorized access to private information.
  • Methods:
    • Encryption: Data is encrypted so that only the intended recipient can decrypt it.
    • Access Controls: Limit who can access which information.
      • Example: Marketing can access marketing presentations but not accounting data.
    • Authentication Factors: Additional proof of identity required before access is granted, so that only authorized users get in.
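
The access-control bullet above, worked through as an added example (this is not code from the lecture notes). It implements a deny-by-default policy for the marketing/accounting scenario and adds the third method, an authentication-factor requirement, on top of it: the accounting ledger is readable only by a role that is granted it and only after a second factor has been verified. The role names, resource names and users are constructed for illustration.

```python
"""Access control for the marketing/accounting scenario.

Added example, not part of the lecture notes. The roles, resources and users
below are constructed for illustration; the policy is deny-by-default, and the
most sensitive resource additionally requires a second authentication factor.
"""
from dataclasses import dataclass

# Constructed policy: each role lists the resources it may read.
# Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "marketing": {"marketing-presentations"},
    "accounting": {"accounting-ledger", "marketing-presentations"},
}

# Constructed list of resources confidential enough to require a second factor
# even for a role that is otherwise allowed to read them.
MFA_REQUIRED = {"accounting-ledger"}


@dataclass
class User:
    name: str
    roles: frozenset
    mfa_verified: bool = False


def check_access(user: User, resource: str) -> tuple:
    """Return (allowed, reason) for a read of `resource` by `user`.

    Unknown roles and unknown resources both end up in the deny branch,
    which is what deny-by-default means in practice.
    """
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    if resource not in granted:
        return False, "no role grants access to this resource"
    if resource in MFA_REQUIRED and not user.mfa_verified:
        return False, "second authentication factor required"
    return True, "granted"


def audit(users, resource) -> dict:
    """Evaluate the policy for several users and return the decisions,
    the kind of record an access log would hold for later review."""
    return {u.name: check_access(u, resource) for u in users}


if __name__ == "__main__":
    alice = User("alice", frozenset({"marketing"}))
    bob = User("bob", frozenset({"accounting"}))
    bob_mfa = User("bob (mfa)", frozenset({"accounting"}), mfa_verified=True)
    for resource in ("marketing-presentations", "accounting-ledger"):
        print(resource, audit([alice, bob, bob_mfa], resource))
```

The point to notice is the ordering of the checks: the role lookup decides whether the user may see the resource at all, and the factor check only refines an access that was already granted. A user with no matching role is denied regardless of how strongly they authenticated.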

Integrity

  • Definition: Ensure the recipient receives data exactly as it was sent.
  • Methods:
    • Hashing: The sender computes a hash of the data; the recipient recomputes the hash and checks that it matches.
    • Digital Signatures: An encrypted hash that lets the recipient verify both the data's integrity and the sender's identity.
    • Certificates: Used to verify the identity of devices or people, further supporting integrity.
  • Non-repudiation: Ensures proof of data integrity and origin.
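
The hashing bullet above, worked through as an added example (not code from the lecture notes). It shows the limit of a plain hash that the notes only hint at: a recomputed SHA-256 catches accidental corruption, but someone who can alter the data in transit can also recompute the hash, so a plain hash proves nothing about origin. A keyed hash (HMAC with a secret shared by sender and recipient) closes that gap because the attacker cannot produce a valid tag. A digital signature goes one step further by using a key only the sender holds, which is what makes non-repudiation possible; HMAC cannot provide that, since both parties hold the same key. Signatures need an asymmetric-crypto library outside the standard library, so this example stops at HMAC. The message, the shared key and the "attacker" step are all constructed.

```python
"""Integrity checks: plain hash versus keyed hash (MAC).

Added example, not part of the lecture notes. The message, the shared key and
the 'attacker' step are constructed to show which change each check catches.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash: anyone, including an attacker, can compute it."""
    return hashlib.sha256(data).hexdigest()


def mac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking where the comparison stopped matching.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_mac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(mac_hex(key, data), expected_hex)


def corrupt(data: bytes) -> bytes:
    """Accidental corruption: one bit flipped in transit, hash left alone."""
    first = bytes([data[0] ^ 0x01])
    return first + data[1:]


def substitute(data: bytes) -> tuple:
    """Deliberate tampering by someone without the key: replace the message
    and recompute the unkeyed hash so it still 'matches'. Constructed step."""
    forged = data.replace(b"100", b"900")
    return forged, sha256_hex(forged)


def demonstrate(key: bytes, message: bytes) -> dict:
    """Return which checks detect corruption and which detect substitution."""
    sent_hash = sha256_hex(message)
    sent_mac = mac_hex(key, message)

    damaged = corrupt(message)
    forged, forged_hash = substitute(message)

    return {
        # Both checks catch a transmission error.
        "hash_detects_corruption": not verify_sha256(damaged, sent_hash),
        "mac_detects_corruption": not verify_mac(key, damaged, sent_mac),
        # Only the keyed check catches an attacker who recomputed the hash.
        "hash_detects_substitution": not verify_sha256(forged, forged_hash),
        "mac_detects_substitution": not verify_mac(key, forged, sent_mac),
    }


if __name__ == "__main__":
    KEY = b"constructed-shared-secret"
    MSG = b"transfer 100 to account 42"
    print(demonstrate(KEY, MSG))
```

Running it prints `hash_detects_substitution` as False and the other three as True, which is the whole lesson: a hash alone is an integrity check against noise, not against an adversary, and a key (shared for HMAC, private for a signature) is what ties the data to its origin.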

Availability

  • Definition: Systems must remain operational and accessible.
  • Methods:
    • System Design: Design systems so that they stay up and running.
    • Fault Tolerance: Redundant components to maintain operation if one fails.
    • System Management: Regular updates and patches to ensure stability and security.
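
The fault-tolerance bullet above, worked through as an added example (not code from the lecture notes). It does two things the notes describe only in words: routes a request to the first healthy replica so that a single failure does not take the service down, and works out how many redundant components are needed to reach a target availability from the availability of one. It assumes components fail independently and that failover is instant; in a real deployment the health status comes from monitoring, and correlated failures (shared power, shared network, same bug on every replica) make the arithmetic optimistic. All replica names and numbers are constructed.

```python
"""Availability through redundancy.

Added example, not part of the lecture notes. Models the fault-tolerance
bullet above: a request is served by the first healthy replica, and the
expected availability of N redundant components is derived from the
availability of one. Assumes components fail independently and that a
failover is instant; real systems need health checks and shared state.
"""


def redundant_availability(single: float, n: int) -> float:
    """Probability that at least one of n independent components is up."""
    if not 0.0 <= single <= 1.0:
        raise ValueError("availability must be between 0 and 1")
    if n < 1:
        raise ValueError("need at least one component")
    return 1.0 - (1.0 - single) ** n


def replicas_needed(single: float, target: float) -> int:
    """Smallest number of redundant components whose combined availability
    meets `target`. Raises if the target cannot be met at all."""
    if not 0.0 < single <= 1.0 or not 0.0 <= target <= 1.0:
        raise ValueError("availabilities must be between 0 and 1")
    if single < 1.0 and target >= 1.0:
        raise ValueError("100% availability cannot be reached with failing parts")
    n = 1
    # Small tolerance so a target such as 0.9999 is not missed by rounding.
    while redundant_availability(single, n) < target - 1e-12:
        n += 1
    return n


def serve(replicas) -> str:
    """Failover: return the name of the first healthy replica.
    `replicas` is a list of (name, healthy) pairs, constructed by the caller."""
    for name, healthy in replicas:
        if healthy:
            return name
    raise RuntimeError("all replicas down: service unavailable")


if __name__ == "__main__":
    print("one 99% server:      ", redundant_availability(0.99, 1))
    print("two 99% servers:     ", redundant_availability(0.99, 2))
    print("servers for 99.999%: ", replicas_needed(0.99, 0.99999))
    print("served by:", serve([("web-1", False), ("web-2", True)]))
```

Two components that are each up 99% of the time give a combined 99.99%, and three give 99.9999%, which is why redundancy is the standard answer to availability. The same numbers also show the catch: the gain only holds while the failures really are independent, which is where system management (patching every replica, not just one) and system design (no shared single point of failure) come back in.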

Conclusion

  • The CIA Triad provides a framework for understanding and implementing effective IT security.
  • Balancing confidentiality, integrity, and availability is crucial for safeguarding information and ensuring systems are both secure and functional.