CIA Triad And Cryptography
Q. Discuss the CIA triad? What does it stand for? How does it fit in
Cryptography and Information Security
Cryptography is one of the most important security measures adopted for the protection of data and information. It is a method by which data and information are secured while being transferred from one node to another, either by human involvement or by automated data transfer systems. This method of data security becomes more important when a third party is involved in the transfer of data and information.
Cryptography is closely related to Information Security. Data, when arranged in a structured form with relevance and purpose, takes the form of information. Data without arrangement or relevance gives no clear indication of the purpose for which it is to be used. Protection of information is therefore Information Security, and it is done very efficiently by the method of Cryptography.
Relation of CIA and Cryptography
CIA stands for Confidentiality, Integrity, and Availability. These form the most important triad of an Information Security system, which makes the triad closely relevant to cryptography. The three key areas of Confidentiality, Integrity, and Availability in this Information Security model help in evaluating the Information Security of any organization. Because Information Security is so closely tied to Cryptography, these three key areas also form the basis of the functionality of Cryptography.
Features of CIA
Given the close relevance between CIA, Information Security, and Cryptography discussed earlier, the features of CIA that help any organization or business enterprise evaluate its security model can be highlighted as follows:
a. It provides a baseline evaluation standard for the Information Security framework of any organization.
b. It provides a platform for implementation of Information Security parameters irrespective of the underlying department or business enterprise.
c. The three elements of the triad, that is, Confidentiality, Integrity, and Availability, are distinctly recognized parameters for framing the Information Security protocols of any organization. All three are linked with each other and together provide a strong, coordinated Information Security framework.
The three elements of CIA
The CIA forms a triad which is an inseparable aspect of the Information Security of any organization. The three keys of CIA are Confidentiality, Integrity and Availability. These three keys form important aspects of Cryptography too. The detailed description of the three keys is as follows:
Confidentiality: This element ensures that all data or information associated with any particular person or authority stays protected. This stage keeps data and information safe from any sort of unauthorized access. Access Control Lists (ACL), along with user IDs, passwords, biometric scans and other security-centred policies, form the functional basis of this level.
Integrity: This element provides assurance of the trustworthiness of the data and of the Information Security system. This stage takes special measures to check that no credential associated with an individual is modified or edited while the concerned person is not accessing the system. This stage uses data encryption and hashing algorithms to maintain the integrity of data and information.
Availability: Now that data and information have been secured and access by unauthorized individuals is completely restricted, the availability of the protected data and information is also mandatory. It must be available at the portal or system that an individual accesses on a regular basis, or over the Internet from anywhere in the world. A compatible and supporting system, along with upgrading and patching of software, backed by proper network optimisation, helps organisations attain the Availability stage of CIA.
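The Integrity element above relies on hashing. As an added example (not part of the original answer), the Python code below shows a record that is modified during transfer between two nodes being detected with a keyed hash (HMAC-SHA-256), whereas a plain hash can simply be recomputed by the third party. The key, the record and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a key shared by both nodes and a record being transferred.
SHARED_KEY = b"constructed-demo-key-not-for-production"
RECORD = {"user_id": "u1001", "role": "viewer"}

def canonical(record: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone who can edit the record can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()

def keyed_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA-256: only holders of the key can produce a valid tag."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify_plain(record: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(record), digest)

def verify_keyed(record: dict, tag: str, key: bytes) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel.
    return hmac.compare_digest(keyed_tag(record, key), tag)

def simulate_transfer() -> dict:
    """Sender protects RECORD both ways; a third party edits it in transit."""
    digest, tag = plain_digest(RECORD), keyed_tag(RECORD, SHARED_KEY)
    tampered = dict(RECORD, role="admin")
    # The third party replaces the unkeyed digest but cannot forge the HMAC tag.
    forged_digest = plain_digest(tampered)
    return {
        "untouched_verifies": verify_keyed(RECORD, tag, SHARED_KEY),
        "tamper_caught_by_old_digest": not verify_plain(tampered, digest),
        "recomputed_digest_accepted": verify_plain(tampered, forged_digest),
        "tamper_caught_by_hmac": not verify_keyed(tampered, tag, SHARED_KEY),
    }

if __name__ == "__main__":
    for name, result in simulate_transfer().items():
        print(f"{name}: {result}")
```

A plain hash protects integrity only when the digest itself travels over a channel the third party cannot modify; the keyed tag removes that requirement as long as the key stays confidential.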