The Triad of Cybersecurity

--Originally published at Mr. Robot's Imaginary Friend

In this post I will be exploring about one of the fundamental concepts of security that should be familiar with most security professionals or students, that is common known as the CIA triad.

In this context CIA is not referring to Central Intelligence Agency. CIA means Confidentiality, Integrity and Availability, many security measures are designed to protect one or more of these.

cia-new

Confidentiality

If you talk about confidentiality of information, you are talking about protecting the information from been access by someone unauthorized.

As I have said before in other post information is one of the most valuable things nowadays, because bank account, personal information, government documents are things that you don’t want to be public or have no security. That’s why protecting information is a very important part of information security.

One of the simplest ways to keep something confidential is to DON’T HAVE IT ONLINE! If you really need to have this information on the Internet or your computer then the best way to protect this kind of information is encrypting, I won’t talk about this subject deeply because it’s going to be a subject for another post, when this post is publish I will add the link to it here.

darth-vader_-i-find_-your_-lack_-of_-cyber_-security-disturbing-meme_1

Integrity

This refers to protecting information from being modified by someone without authorization.

The modification of information could be something really bad for you, if the information that is modified is your bank account, where you supposed to have $1000, but actually you “transferred” all of your money to someone’s account, prove this was a mistake will be really annoying for you.

A way to prevent this is to use GPG to digitally sign your data, files, etc. You could potentially hash all your information, but that will be a pain because to dehash it, you would

to have the original hash from a secure way. This is a good GPG tool if you want to try it out. Keybase

Availability

Availability of information refers to ensuring that authorized parties are able to access the information needed.

The denying of access to information has become a very common attack nowadays. If you start searching you could find almost every week a news from a big company being attacked or websites being taken down by DDoS attacks. The result of a DDoS attack is to deny access to the website.

Best way to ensure your information availability is to have backups. I will talk about the importance of information backups for personal use in another post, but for now I will just say that a way to minimize the damage of one of this kinds of attacks.

TL;DR