Understand the Security Concepts of Information Assurance

CIA Triad

It’s common to use Confidentiality, Integrity and Availability, also known as the CIA triad, when defining security.

  1. Confidentiality: relates to permitting authorized access to information, while at the same time protecting information from improper disclosure. The security professional’s obligation is to regulate access—protect the data that needs protection, yet permit access to authorized individuals. Terms related to Confidentiality include:

  • Personally Identifiable Information: Any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, and biometrics.
  • Protected Health Information: Information regarding health status, the provision of healthcare and payment.
  • Intellectual or Sensitive Information: Includes trade secrets, research, business plans and intellectual property.

2. Integrity: is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose. Integrity measures the level to which something is whole, complete, correct and internally consistent. This concept applies to:

  • Information or data
  • Systems and processes for business
  • Organizations
  • People and their actions

3. Availability: means that systems and data are accessible at the time users need them. The core concept of availability is that data is accessible to authorized users when and where it is needed and in the form and format required. Availability is often associated with the term criticality, because it represents the importance an organization gives to data or an information system in performing its operations or achieving its mission.

Confidentiality, Integrity and Availability are the foundations of the Cybersecurity Domain.

4. Authentication: this is a process to prove the identity of the requestor by comparing one or more factors of identification. There are 3 common techniques of Authentication:

  • Something you know: Passwords or passphrases
  • Something you have: Tokens, memory cards, smart cards.
  • Something you are: Biometrics, measurable characteristics.

There are 2 Methods of Authentication:

Single Factor Authentication (SFA): this uses only one technique for authentication. For example, the combined use of a User ID and a Password consists of two things that are known (knowledge-based), so it cannot be considered MFA.

Multiple Factor Authentication (MFA): this involves using two or more techniques of authentication. For example, the combined use of a Password and a Token consists of two different techniques, “something you know” and “something you have”, so it can be considered MFA.

Another example would be your ATM card. You HAVE the card, and you KNOW the PIN, so that is one form of multiple factor authentication. Someone with just the card can’t access the money.
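The distinction above, counting distinct techniques rather than the number of items presented, as an added example that is not part of the original article. The authenticator names and the mapping table are assumptions made for illustration.

```python
from enum import Enum


class Factor(Enum):
    KNOW = "something you know"
    HAVE = "something you have"
    ARE = "something you are"


# Hypothetical authenticator names mapped to the three techniques listed above.
AUTHENTICATOR_FACTOR = {
    "user_id": Factor.KNOW,      # the article counts a User ID as something known
    "password": Factor.KNOW,
    "passphrase": Factor.KNOW,
    "pin": Factor.KNOW,
    "token": Factor.HAVE,
    "smart_card": Factor.HAVE,
    "atm_card": Factor.HAVE,
    "fingerprint": Factor.ARE,
}


def distinct_factors(presented):
    """Return the set of techniques covered by the presented authenticators."""
    unknown = [a for a in presented if a not in AUTHENTICATOR_FACTOR]
    if unknown:
        # Fail closed: an authenticator that cannot be classified must not count.
        raise ValueError(f"unclassified authenticator(s): {unknown}")
    return {AUTHENTICATOR_FACTOR[a] for a in presented}


def classify(presented):
    """Label a login 'none', 'SFA' or 'MFA' by distinct techniques, not item count."""
    count = len(distinct_factors(presented))
    if count == 0:
        return "none"
    return "MFA" if count >= 2 else "SFA"


if __name__ == "__main__":
    # Constructed login attempts, including the article's three examples.
    for attempt in (["user_id", "password"], ["password", "token"],
                    ["atm_card", "pin"], ["password", "pin"]):
        print(attempt, "->", classify(attempt))
```

A password plus a PIN is still SFA here, because both items fall under the same technique.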

5. Privacy: This is the right of an individual to control the distribution of information about themselves. In 2016, the European Union passed comprehensive legislation (the General Data Protection Regulation, GDPR) that addresses personal privacy, deeming it an individual human right.

Tolani Awoyungbo

Data Analyst | SQL | Power BI | Tableau | Spreadsheet | Work with me

10mo

I just registered for the ISC2 exam. How can you be of help to prepare me for the journey ahead?

Zechariah Adebayo

Full-stack Dev (Backend heavy) || Computer Networking Nerd

2y

Nice one Righteous Ofuka

