The three components of the CIA triangle
are Confidentiality, Integrity and Availability. The model was designed to
provide guiding principles for securing the information of an organization.
Confidentiality is a set of rules that limits access to information, so that
only authorized persons have access to it. Integrity makes sure the
information is clean, trustworthy and accurate, so that no one can overwrite
the original information for their own benefit.
Availability is to guarantee the access to only the

Confidentiality: This component of the CIA triangle
is close to privacy, in that information is accessible only to
authorized persons. Certain protocols and measures are taken to make sure only
the right people can access it and others cannot. Securing data involves
categorizing it according to its type and amount, because it may cause
trouble when it is read by unauthorized persons. Special training is necessary
to protect and secure information. The purpose of the training is to familiarize
authorized persons with the risk factors and how to safeguard against them.
Protecting information also means encouraging customers to use strong passwords,
to prevent others from mishandling the information and causing disastrous results.

A good and simple example is accessing your Gmail account. The user is
encouraged to set a strong password, 3-step verification, etc. Entering the
password alone is not enough to log in to an account: a security code is sent
to the phone number that was registered as the primary contact number when the
account was created. When logging in from the same device, we can save
the passwords and security questions. But logging in from other devices
again requires the password and the step 2 and 3 verifications, where a few
questions need to be answered.

Integrity: This component
keeps information trustworthy and accurate throughout its
life cycle. During the life cycle, steps and measures are
taken so that data is not altered, transferred or manipulated by anyone.
The system may introduce errors into data while migrating or updating, due to
versions and file permissions. Certain steps need to be followed to keep
such errors from happening in the data.

Example: In organizations that use SQL Server
as the database to protect and access their data, when the tool needs an
update, the system engineers are trained to follow certain guidelines
so that the tool is migrated with no change in data. The guidelines also
protect against manipulation of data and system-generated errors. In a few
cases users will have no access to the tool, which indicates that the
transition of data was unsuccessful. To avoid such situations, a backup plan
is always required and helpful.
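
One way to check that a migration left the data unchanged, shown as an added example that is not part of the original page: fingerprint every table before and after, then compare. It assumes Python's built-in sqlite3 as a stand-in for SQL Server; the function names and the sample tables are hypothetical.

```python
import hashlib
import sqlite3

def table_fingerprint(conn, table):
    """Return (row_count, digest) for a table, independent of row order."""
    # Table names cannot be bound as parameters, so check against the catalog.
    known = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    if table not in known:
        return (0, None)  # table is missing, e.g. lost during migration
    row_hashes = []
    for row in conn.execute(f'SELECT * FROM "{table}"'):
        # repr() keeps NULL, 1 and '1' distinct; \x1f separates the columns.
        encoded = "\x1f".join(repr(v) for v in row).encode("utf-8")
        row_hashes.append(hashlib.sha256(encoded).digest())
    total = hashlib.sha256(b"".join(sorted(row_hashes))).hexdigest()
    return (len(row_hashes), total)

def verify_migration(source, target, tables):
    """Return {table: reason} for every table that changed in migration."""
    problems = {}
    for t in tables:
        src, dst = table_fingerprint(source, t), table_fingerprint(target, t)
        if dst[1] is None:
            problems[t] = "missing in target"
        elif src[0] != dst[0]:
            problems[t] = f"row count {src[0]} -> {dst[0]}"
        elif src[1] != dst[1]:
            problems[t] = "content changed"
    return problems

def build_sample(balance_for_bob):
    # Constructed sample data, not taken from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER, owner TEXT, balance REAL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100.0), (2, "bob", balance_for_bob)])
    conn.execute("CREATE TABLE audit (id INTEGER, note TEXT)")
    conn.execute("INSERT INTO audit VALUES (1, 'created')")
    return conn

if __name__ == "__main__":
    before = build_sample(250.0)
    after = build_sample(205.0)          # one value altered during "migration"
    after.execute("DROP TABLE audit")    # one table lost
    print(verify_migration(before, after, ["accounts", "audit"]))
```

An empty result means every listed table has the same rows on both sides; anything else is a reason to fall back to the backup before users are let back in.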

Availability: This component of the CIA triangle
makes sure the data is available at the right time, when it is needed. Being
able to access the information when the user needs it is the priority of this
component. It can function only when all the
system-related and remaining components are working properly. Issues
such as access not being granted to authorized people, information not being
available to users when needed, wrong information being displayed, or no
information at all being displayed when users access it make the process of
securing information fail. This component
takes effective measures to protect the information and ensure that it
is available to the right people at the right time.

Example: Accessing a bank account. People access
their bank account to look at their account activity. What if no information is
available, or incorrect information is displayed? There is a high chance of
losing trust in the organization and its security measures.