The Crucial Components to Security: Implementing the CIA Triad
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.
This principle represents the core requirements of any company towards information security for the safe utilization, flow, and storage of information.
Confidentiality is closely tied to the idea of privacy. Confidentiality measures exist to keep sensitive information out of the wrong hands. The confidentiality principle dictates that information should be viewed only by people with the appropriate privileges.
The science and art used to protect confidentiality is cryptology, which covers encryption and decryption methods. It is common for data to be categorized according to the type and severity of damage that could result if it fell into the wrong hands. More or less stringent restrictions can then be applied according to those categories.
Safeguarding information confidentiality involves special training for those with access to such documents. Typically, training includes understanding security risks that could threaten this information. Training is designed to help familiarize authorized people with risk factors and promote ways to guard against them.
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). According to Matthew Haughn, these measures include file permissions and user access controls; version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem.
Furthermore, guidelines and rules are put in place to detect changes in data caused by non-human events such as an electromagnetic pulse (EMP) or a server crash. Some data may carry checksums, even cryptographic checksums, to verify its integrity. Backups or redundant copies must be available to restore affected data to its correct state, which helps ensure that its integrity can be relied upon.
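The distinction between a plain checksum and a cryptographic one matters in practice: an unkeyed digest such as SHA-256 catches accidental corruption (a flipped bit after a crash), but anyone who can rewrite the data can also rewrite a checksum stored next to it. A keyed digest (HMAC) closes that gap, because producing a matching tag requires the key. The following is an added illustration written for this page, not code from the original post or from Rock Solid; the sample record and the demo key are constructed for the example.

```python
"""Integrity checks: unkeyed checksum vs. keyed HMAC (added example, not from the page)."""
import hashlib
import hmac

# Constructed sample record, standing in for a backed-up file.
ORIGINAL = b"account=1234;balance=500.00;status=active\n"
# Constructed demo key; a real deployment would load it from a key store.
DEMO_KEY = b"demo-integrity-key-not-for-production"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption such as bit flips."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking information through comparison timing.
    return hmac.compare_digest(checksum(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256: a matching tag cannot be produced without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def demo() -> dict:
    """Run both checks against accidental corruption and deliberate alteration."""
    stored_sum = checksum(ORIGINAL)      # what a plain checksum file would hold
    stored_tag = tag(ORIGINAL, DEMO_KEY)  # what a keyed integrity record would hold

    # Case 1: a single flipped bit, as after a crash or faulty storage.
    corrupted = bytearray(ORIGINAL)
    corrupted[0] ^= 0x01
    corrupted = bytes(corrupted)

    # Case 2: the record is altered and the unkeyed checksum beside it is
    # recomputed to match. Only the keyed tag, which the writer cannot
    # regenerate without DEMO_KEY, still reveals the change.
    altered = ORIGINAL.replace(b"balance=500.00", b"balance=999.99")
    replaced_sum = checksum(altered)

    return {
        "checksum_catches_corruption": not verify_checksum(corrupted, stored_sum),
        "hmac_catches_corruption": not verify_tag(corrupted, DEMO_KEY, stored_tag),
        "checksum_catches_altered_with_new_sum": not verify_checksum(altered, replaced_sum),
        "hmac_catches_altered": not verify_tag(altered, DEMO_KEY, stored_tag),
    }


if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name}: {'detected' if caught else 'NOT detected'}")
```

Running the script shows that both mechanisms catch the flipped bit, but only the HMAC catches the altered record once its unkeyed checksum has been refreshed. The practical takeaway is that checksums stored alongside the data protect against faults, while the key for an HMAC (or the signing key for a digital signature) must be kept out of reach of anyone who could modify the data, and the reference tags belong with the backups rather than with the live copy.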
In order to ensure availability, it is best to rigorously maintain all hardware, performing repairs immediately and keeping a functional operating system environment that is free of software conflicts. It is also important to keep systems current by applying all major upgrades. Providing adequate communication bandwidth and preventing bottlenecks are equally important.
Fast and adaptive disaster recovery is essential for the worst case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan (DRP).
For paper files and documents, availability can be ensured by regular scheduled office cleaning, maintaining files and loose documents, and proper storage.
Implementing these three simple ideas can help reduce your company’s chance of a security breach.
Rock Solid Shredding provides customized paper and hard drive shredding services that assist businesses with complying with legislation while protecting information.