Holy trinity of security

--Originally published at Allow Yourself to fail and learn… and hack

By now you should be worrying more about security. Fortunately, you are not alone in this world. There exists a security model focused on achieving progress in three main goals. It is known as the CIA triad, or AIC in case you don’t want to confuse it with the Central Intelligence Agency.

Computer security has 3 main core components: Integrity, which warrants that the information is trustworthy; Availability, which is a guarantee of reliable access to the information; and Confidentiality, which is about rules limiting access to information.

Now, going deeper into each of these elements:

Integrity

Integrity is about securing the information and making it “impossible” for unauthorized parties to modify. Incorrect data is useless and delicate, therefore integrity has a great weight on protecting .

Best practices to maintain this element healthy are the following:

  • Encryption
  • Hashing the received message and comparing the result with the hash of the original message
  • Backup availability
  • User access control
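
The hash comparison from the list above, as an added example that is not part of the original post. It goes one step beyond the bullet by also showing a keyed hash (HMAC), because a plain digest sent over the same channel as the message can be replaced together with it. The messages and the key are constructed sample values.

```python
import hashlib
import hmac


def sha256_digest(message: bytes) -> str:
    """Hex SHA-256 digest the sender publishes alongside the message."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(received: bytes, expected_hex: str) -> bool:
    """Re-hash the received bytes and compare with the sender's digest."""
    # compare_digest runs in constant time, so timing does not leak a match prefix
    return hmac.compare_digest(sha256_digest(received), expected_hex)


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed tag: it cannot be recomputed without the shared secret."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, received: bytes, tag_hex: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(hmac_tag(key, received), tag_hex)


def demo() -> dict:
    original = b"transfer 100 to account 42"   # constructed sample message
    tampered = b"transfer 900 to account 42"   # constructed modified copy
    key = b"constructed-demo-key"              # assumption: shared out of band
    digest = sha256_digest(original)
    tag = hmac_tag(key, original)
    return {
        "intact_ok": verify_digest(original, digest),
        "tamper_detected": not verify_digest(tampered, digest),
        # A digest that travels with the message can be recomputed by whoever
        # changed the message, so the plain-hash check passes again.
        "replaced_digest_passes": verify_digest(tampered, sha256_digest(tampered)),
        "hmac_intact_ok": verify_hmac(key, original, tag),
        # Without the shared key, a matching tag cannot be produced.
        "hmac_rejects_tamper": not verify_hmac(
            key, tampered, hmac_tag(b"not-the-key", tampered)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A plain digest is only meaningful when the reference value reaches the receiver by a path the modifier cannot reach; otherwise use the keyed form.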

Availability

This section is about making sure that everyone authorized has access to the information whenever they need it. Information’s value depends, among other things, on users being able to access their data at any time they want. Nowadays you don’t only have to worry about other people accessing your information, but also about other people not letting you access it. DDoS attacks have become very common lately, but that information will be available in a blog post sometime soon. So, back to the security triad…

Best practices to maintain this element healthy are the following:

  • rigorously maintain all hardware
  • systems’ and components’ updates
  • backup in a geographically-isolated location.
  • redundancy control
  • provide adequate bandwidth

Confidentiality

This one is probably the most important and the easiest to understand: as the name suggests, it is about keeping your data and all the delicate information away from people unauthorized to see it. Information has

especially nowadays (credit card numbers, personal information, delicate work documents, etc). Therefore, being SO important and juicy for the bad people, everyone tries to attack it.

Best practices to maintain this element healthy are the following:

  • Encryption
  • Building strong passwords
  • Two-step authentication
  • Enforcing file permissions and access control lists
  • keep system’s algorithms secret

Conclusion

The CIA model helps us guarantee the right amount of security we want to have. It all depends on what we are working on: some products might need extensive use of all three of them, while others may need more from confidentiality than from accessibility. It varies based on the user's needs.