Friday, February 5, 2016

Information Security Key Principles (CIA Triangle)

CIA Triangle

Information security rests on three main principles, usually presented together as the CIA model, also known as the CIA triad (or triangle). Each letter of CIA stands for one of the three principles:

  1. Confidentiality : In simple terms it means "keep private information PRIVATE": the data must not be disclosed to any unauthorized entity. For example: when nobody other than the sender and the receiver of an email can read it, the email travels confidentially over the network (in transit) and stays confidential in the sender's sent folder and the receiver's inbox (at rest). An attacker who can observe the network will capture any data that is sent unencrypted, so confidentiality in transit depends on encryption.
  2. Integrity : Means protecting data from any unauthorized change or modification. Integrity is violated by any kind of modification: adding, removing or altering content. For example: an email is sent, and before the receiver gets it a third party removes some of its lines; the integrity of the email is violated even though the rest of the text is unchanged. Likewise, an attacker who gains access to a database can alter the data stored in it.
  3. Availability : Means that authorized entities must be able to access the data at the time they need it; there should be no disruption in the availability of the data or the service. For example: students must be able to reach the online subject selection system on the specified date. An attacker might disrupt availability by launching a Denial of Service (DoS) attack, sending too many requests at the same time for the service to handle. 

These are the three cores of the triad. Information security, however, also relies on three further key concepts:
  • Accountability : Means each person is responsible for the actions he or she performs, which requires that every action can be traced back to the individual who carried it out.
  • Authenticity : Concerns the genuineness of the data and of the parties handling it. To check it, each party is validated against what it claims to be. For example, in email, digital signatures are used to prove the authenticity of a message and of its author.
  • Non-repudiation : Means nobody can deny an action they performed. If an email is sent, the sender cannot claim "I didn't send this email", and the recipient cannot claim "I didn't receive it".
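
To make the integrity example above and the difference between authenticity and non-repudiation concrete, here is an added Python example (not code from the original post, standard library only). The sender tags the email with an HMAC under a key shared with the receiver; the receiver detects that a line was dropped in transit, and an outsider without the key cannot produce a valid tag for the altered text. Then the receiver uses the same shared key to tag a message the sender never wrote, and that tag verifies too. This is why a shared-key MAC gives integrity and authenticity between the two parties but not non-repudiation towards a third party: for that, a digital signature made with a private key that only the sender holds is needed. The email text, the keys and the tampering step are constructed for the example.

```python
"""Integrity and authenticity with an HMAC over an email body, and why a
shared-key MAC does not provide non-repudiation.

Added illustration for this post. The email text and keys are constructed
sample data, not taken from any real system.
"""
import hashlib
import hmac
import secrets

# Assumption: sender and receiver agreed on this key out of band.
SHARED_KEY = secrets.token_bytes(32)

# Constructed sample email the sender wants to protect.
ORIGINAL_EMAIL = (
    "Subject: Subject selection\n"
    "Please enrol me in Network Security.\n"
    "Please drop me from Database Systems.\n"
)


def tag(message: str, key: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag over the message text."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).digest()


def verify(message: str, received_tag: bytes, key: bytes) -> bool:
    """Receiver side: recompute the tag and compare it in constant time,
    so that the comparison itself does not leak how many bytes matched."""
    return hmac.compare_digest(tag(message, key), received_tag)


def drop_line(message: str, index: int) -> str:
    """Simulate the attacker from the post: remove one line in transit."""
    lines = message.splitlines(keepends=True)
    del lines[index]
    return "".join(lines)


def integrity_demo(key: bytes = SHARED_KEY) -> dict:
    """Integrity: the intact email verifies, a tampered copy does not, and an
    outsider who does not know the shared key cannot forge a matching tag."""
    sent_tag = tag(ORIGINAL_EMAIL, key)
    tampered = drop_line(ORIGINAL_EMAIL, 2)        # third line removed
    attacker_key = secrets.token_bytes(32)         # attacker guesses a key
    return {
        "intact_verifies": verify(ORIGINAL_EMAIL, sent_tag, key),
        "tampered_verifies": verify(tampered, sent_tag, key),
        "forged_verifies": verify(tampered, tag(tampered, attacker_key), key),
    }


def non_repudiation_demo(key: bytes = SHARED_KEY) -> bool:
    """Non-repudiation is NOT provided: the receiver holds the same key, so it
    can tag a message the sender never wrote. Returns True when that
    receiver-made tag verifies, which it always will under a shared key.
    A third party therefore cannot tell which of the two produced the tag."""
    fabricated = "Subject: Refund\nI agree to pay the full amount.\n"
    receiver_made_tag = tag(fabricated, key)       # computed by the receiver
    return verify(fabricated, receiver_made_tag, key)


if __name__ == "__main__":
    print("integrity:", integrity_demo())
    print("receiver can forge a valid tag:", non_repudiation_demo())
```

Note that the tag protects only integrity and origin between the two key holders; the email body itself still travels in clear text, so confidentiality needs encryption in addition to the MAC.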