The CIA triad is the foundation that all Information Security concepts are built on, making it a great starting place for learning about InfoSec. CIA stands for confidentiality, integrity, and availability. But what do these concepts mean?
To illustrate how these principles work, let’s look at Calvin and Hobbes.
Calvin and Hobbes create a super-secret club called the “Get Rid Of Slimy girlS (G.R.O.S.S.)” club. During their very first treehouse meeting, they draft a document entitled “member list” and write the names “Calvin” and “Hobbes” on the list. This list is the club’s most valuable asset, so Calvin and Hobbes need to maintain the CIA of the asset.
The confidentiality of the list is critical, as exposure of the secret member list would cause the entire super-secret club to lose its purpose. The integrity of the list is also important, to ensure that unauthorized modifications of the list can’t be made. It would be terrible if Susie’s name were to make it onto the list or if Calvin’s name were to be removed. Lastly, the availability of the list is important. When the club meets for its secret meetings, the members need the list to do roll call and to confirm that those in attendance are listed.
So now that we’ve got the idea, we can explain how CIA works for business assets. The confidentiality of the asset is necessary to ensure that only those with the appropriate privileges and a genuine need can see it. The integrity of the asset is necessary to ensure that the data has not been changed and, if it has, that a log of the changes is kept. The availability of the asset is necessary because it is of no value if no one can interact with it for its intended purpose.
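As an added example (not part of the original article), the Python model below gives the G.R.O.S.S. member list one control per CIA property: a reader list for confidentiality, an editor list plus a hash-chained change log for integrity, and a rebuild from the verified log for availability. The role names, the log format and the hash chain are assumptions made for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first log entry

def _digest(body):
    # SHA-256 over canonical JSON of a log entry, excluding its own digest field
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class MemberList:
    """Constructed model of the G.R.O.S.S. member list; roles and the hash-chained log are assumptions."""
    def __init__(self, readers, editors):
        self.members = []             # the asset
        self._readers = set(readers)  # confidentiality: who may view it
        self._editors = set(editors)  # integrity: who may change it
        self.log = []                 # integrity: tamper-evident record of changes

    def _record(self, action, name, actor):
        prev = self.log[-1]["digest"] if self.log else GENESIS
        body = {"action": action, "name": name, "actor": actor, "prev": prev}
        self.log.append({**body, "digest": _digest(body)})

    def read(self, actor):
        # confidentiality: only authorised readers get to see the list
        if actor not in self._readers:
            raise PermissionError(f"{actor} may not see the member list")
        return list(self.members)

    def change(self, actor, action, name):
        # integrity: only editors may add or remove a name, and every change is logged
        if actor not in self._editors:
            raise PermissionError(f"{actor} may not change the member list")
        self.members.append(name) if action == "add" else self.members.remove(name)
        self._record(action, name, actor)

    def verify_log(self):
        # integrity check: every entry must chain to its predecessor and match its digest
        prev = GENESIS
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "digest"}
            if body["prev"] != prev or _digest(body) != entry["digest"]:
                return False
            prev = entry["digest"]
        return True

    def rebuild(self):
        # availability: rebuild the list from the verified log if the working copy is lost
        assert self.verify_log(), "change log has been tampered with"
        members = []
        for entry in self.log:
            members.append(entry["name"]) if entry["action"] == "add" else members.remove(entry["name"])
        return members
```

Editing a log entry after the fact breaks the chain, so `verify_log()` reports the tampering and `rebuild()` refuses to restore from it.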