The first and most tangible of the three pillars is data and information protection. The data and information are collected from various sources, including operational technology (OT), information technology (IT), etc.
What are the goals or purposes of cyber security?
Cybersecurity controls access, ensures secure storage, and stops unauthorized processing to safeguard the confidentiality, integrity, and availability of data. To defend networks and computer hardware against attacks, organizations create security objectives and policies based on their cyber security standards.
What are the Three CIA Triad Pillars?
The CIA triad is supported by three pillars: confidentiality, integrity, and availability. These pillars are listed below:
1. Confidentiality Pillar: Data collection, storage, and sharing in the digital environment have left us vulnerable to cyber assaults. According to confidentiality, only authorized individuals should have access to sensitive information. Transaction data on e-commerce sites is a top priority of personally identifiable information (PII).
2. Integrity Pillar: Integrity guarantees that information is reliable and that it has remained in its original form throughout. Unless authorised by a licenced individual or system, stored data or data distributed or utilized should not be updated at any time.
3. Availability Pillar: Availability guarantees that information is available to authorised persons at the appropriate moment. They must be able to process data whenever it is required.
What tools can assist you in achieving the CIA triad objectives?
Confidentiality
1. Data encryption: Encryption is the process of transforming data into a coded format, maintaining its confidentiality, and restricting access to only those with the proper key and authorization.
2. Controlling access: RBAC is a system that enables individuals to access data only when needed, proactively dividing responsibilities based on established roles. Zero-trust security is critical in digitally advanced infrastructures, necessitating rigorous access restrictions via username and password or multi-factor authentication.
3. Non-disclosure contracts: Non-disclosure aspects should be included in cyber security strategies to ensure workers and contractors secure private information through non-disclosure agreements (NDAs), which enforce lawful usage and the credibility of information transmission.
4. Physical security: Physical security measures include safeguards against unauthorized use of electronic information resources, as well as safeguards against natural and environmental risks and purposeful intrusion. Security cameras, fire safety systems, and biometric access controls are examples of these methods.
Integrity
1. Using Checksums: Checksums identify transmission faults by allocating a number sequence to data and comparing it to the receiver, detecting damaged files, and ensuring overall integrity.
2. Data backups: Data backups and maintenance processes should be set up ahead of time, and customers should be alerted, to avoid unchangeable data loss due to human mistakes, virus assaults, or hardware failures.
3. Digital signatures: Digital signatures are an indication of authenticity, indicating that the data provided is genuine and legitimate. A pair of public and private keys operate behind the scenes to authenticate digital signatures. The private key is used to encrypt the sender’s signature, and the public key is employed for decoding and confirmation.
Availability
1. Redundancy: A redundancy strategy can assist in determining when and how to duplicate parts. It is often developed to avoid concerns with availability and in the event of server faults or infrastructure breakdowns. In the event of an accessibility difficulty, you can simply go on to the next source of information.
2. Programmed failovers: Redundancy and programmed failovers go together. Once you’ve duplicated data as part of your redundancy strategy, you must know how to automatically switch to a failsafe. A planned failure allows for a smooth transition to a backup system with no operator intervention or delays.
Conclusion
Individuals are frequently the source of threats to organizations, such as cybercriminals, phishing emails, malware, and ransomware assaults. Organizations must have proper protections and cyber security awareness training to combat these attacks. Employees should be on the lookout for strange situations and should feel encouraged to report concerns to the proper authorities.
