The CIA Triad: Three Pillars to IT Security

In February of 2020 corporate enterprises around the world sent their employees home during the COVID-19 pandemic, compelling IT departments to rush deployments on plans to support an entirely remote workforce. This increase in a remote workforce has increased the risk of cyberattacks. With these attacks being foremost on the minds of every IT professional, the best approach to mitigating these attacks should be to utilize the CIA Triad approach.

This approach was established by the International Information System Security Certification Consortium (a non-profit organization which specializes in training and certifications for cybersecurity professionals) to limit cybersecurity risks by addressing concerns regarding the confidentiality, integrity, and availability of mission critical data. (ISC)² has been described as the “world’s largest IT security organization.”

‍

The three pillars of the CIA Triad security model guide our thinking about the risks to the many moving parts of IT security:

Pillar One – Confidentiality

The ‘C’ in the CIA Triad includes solutions that are designed to stop the unauthorized access of private and confidential information. These solutions include NIST (National Institute of Standards and Technology) guidelines in the special publication 800-122, the guide to protecting the confidentiality of personal identifiable information.

We know there are laws and guidelines that protect us. Most corporate entities do their best to enact policies and procedures that follow these laws and guidelines. If the data’s confidentiality is not maintained, consumers will lose trust in the firm. That confidence is solidified if the firm follows policies and procedures promoted by the Confidentiality pillar in the CIA Triad.

Pillar Two – Integrity

The ‘I’ in the CIA Triad promotes maintaining the consistency and accuracy of data over its entire lifecycle. What would happen if your blood type or other health records were inaccurate, and you were preparing for a surgical procedure? A study estimated that such mistakes occur in approximately 1 of 112,000 surgical procedures. Data integrity confirms that the outcome of the system is precise and factual because one may literally live or die by the accuracy of the data.

Pillar Three – Availability

In this pillar, authorized users are granted timely and uninterrupted access to items. What if you could not get access to your health records in the event of an emergency? Availability requires information should be consistently and readily accessible for authorized parties. Availability demands around-the-clock monitoring and testing for software and hardware vulnerabilities. The Availability pillar is built with the concept of High Availability in mind.

‍

The CIA Triad can be used to scan and implement security policies and procedures while understanding the various guidelines regarding cybersecurity, mitigating or outright avoiding risk.