Principles of Security

The following are the basic fundamentals of information security:

  1. Confidentiality
  2. Integrity
  3. Availability

Every aspect of a security program (and every security control implemented by an organization) should be designed to meet at least one of these principles. Together, the three are commonly referred to as the CIA Triad.

What is Confidentiality?

Confidentiality measures are in place to prevent unauthorized disclosure of data. The goal of the confidentiality principle is to ensure that private information stays private and can only be read or accessed by those who require it to perform their job duties.

If an unauthorized individual gains access to a communication, the confidentiality of the message is compromised. Confidential information must be safeguarded, so to protect the confidentiality of its data, a business must guard against malicious actions.

Interception causes loss of message confidentiality.

What is Integrity?

Integrity refers to the protection of data from unauthorized changes (e.g., additions, deletions, or alterations). The integrity principle is intended to ensure that data can be trusted to be accurate and that it has not been tampered with in any way.

Loss of integrity is not always the result of a criminal act: a fault in the system, such as a power surge, might cause unintended changes to certain information.

Modification causes loss of message integrity.

What is Availability?

The term “availability” refers to protecting the operation of supporting systems and ensuring that data is fully accessible at the point in time (or for the specified duration) when it is required by users. The goal of availability is to guarantee that data is available for decision-making when it is needed. The information must be updated on a regular basis, which requires that it be accessible to authorized parties. Inaccessible information is just as damaging to a company as a loss of confidentiality or integrity.

Interruption puts the availability of resources in danger.

The balancing idea is represented in the diagram. To design a secure system, the three goals must be balanced correctly. If the goals are not balanced, an opening is created for attackers to undermine the other security goals. For example, a system that is highly confidential yet has limited availability is not secure.

Example: An organization collects or generates sensitive data for use in its commercial activities. Because the information is sensitive, it should only be accessible to those inside the company who require it to perform their duties; unauthorized persons should not be able to access it. This is the confidentiality principle in action.

When the person who requires that data to perform a job responsibility is ready to use it, it must be readily available (i.e., online) in a fast and reliable manner, so that the task can be completed on time and the company’s operations can proceed. This is the availability principle in action.

Finally, the data will be used in computations that influence the organization’s business choices and investments. As a result, data accuracy is essential to ensure correct computations and outcomes, which in turn are used to make decisions. The integrity principle ensures that the data has not been tampered with inappropriately and can therefore be trusted when performing computations and making decisions.