What are the three 3 key security attributes that we need to consider when establishing a secure computer network environment?

Today’s organizations face an incredible responsibility when it comes to protecting data. Whether it’s internal proprietary information or any type of data collected from customers, companies could face substantial consequences in the event of a data breach. That’s why they need to have the right security controls in place to guard against cyberattacks and insider threats while also providing document security and ensuring data availability at all times. These information security basics are generally the focus of an organization’s information security policy.

What is an Information Security Policy?

Organizations develop and implement an information security policy to impose a uniform set of rules for handling and protecting essential data. The policy should apply to the entire IT structure and all users in the network. It determines who has access to different types of data, how identity is authenticated, and what methods are used to secure information at all times. A good information security policy should also lay out the ethical and legal responsibilities of the company and its employees when it comes to safeguarding customer data.

Most information security policies focus on protecting three key properties of data and information: confidentiality, integrity, and availability. Each objective addresses a different aspect of protecting information. Taken together, they are commonly referred to as the CIA model (or CIA triad) of information security, and they give an information security program a shared set of objectives against which every control can be justified.

Information Security Basics: The CIA Model

Confidentiality, integrity, and availability, together known as the CIA triad, are sometimes referred to as the AIC triad (availability, integrity, and confidentiality) to avoid confusion with the Central Intelligence Agency, which is also abbreviated CIA.

Confidentiality

When we talk about the confidentiality of information, we are talking about protecting the information from being exposed to an unauthorized party, whether through an external data breach or an insider threat. The U.S. federal code (44 U.S.C. § 3542, the FISMA definition) describes confidentiality as “preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information”.

Nobody wants to deal with the fallout of a data breach, which is why you should implement document security, establish security controls for sensitive files, and set clear information security policies for devices. Confidentiality covers a spectrum of access controls and measures that keep information from being read or misused through unauthorized access. In practice that means layered safeguards: encrypting data at rest and in transit, authenticating users strongly, and granting each user only the access their role requires.

Every piece of information a company holds has value, especially in today’s world. Whether it’s financial data, credit card numbers, trade secrets, or legal documents, everything requires proper confidentiality. In other words, only the people who are authorized to do so should be able to gain access to sensitive data.

A failure to maintain confidentiality means that someone who should not have access has managed to obtain private information. Whether it happens through deliberate action or by accident, a confidentiality failure can cause serious damage.

Some information security basics to keep your data confidential are:

  1. Encryption (of data at rest and in transit)
  2. Strong password policies, with passwords stored only as salted, slow hashes
  3. Two-factor authentication
  4. Biometric verification
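As an added worked example (not code from the original page or from Smart Eye Technology), here are two of the controls above, password verification and a TOTP second factor, implemented with only the Python standard library. The usernames, passwords, the base32 seed and the timestamps are constructed for the demonstration; the `login` function and the stored record format are illustrative choices, not any particular product's API.

```python
"""Added example: salted PBKDF2 password storage plus an RFC 6238 TOTP
second factor. All names, secrets and timestamps below are constructed."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. It is stored inside each record, so it can
# be raised later without invalidating passwords that were hashed earlier.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (base64 fields)."""
    salt = secrets.token_bytes(16)   # a fresh random salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and work factor; compare in constant time."""
    try:
        algo, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the time-step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                     # dynamic truncation (RFC 4226 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current code or one step either side to absorb clock drift, never more."""
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, unix_time + drift * step, step), submitted):
            return True
    return False


def login(username: str, password: str, code: str, users: dict,
          now: Optional[int] = None) -> bool:
    """Both factors are evaluated before deciding, so a failure does not reveal which was wrong.

    A production version would also run a dummy hash for unknown usernames so that
    response time does not reveal whether an account exists.
    """
    now = int(time.time()) if now is None else now
    user = users.get(username)
    if user is None:
        return False
    password_ok = verify_password(password, user["password_record"])
    code_ok = verify_totp(user["totp_secret"], code, now)
    return password_ok and code_ok
```

Two details matter more than they look. The password itself is never stored, only a salted, slow PBKDF2 hash, so a leaked user table does not hand an attacker the passwords. And `hmac.compare_digest` is used for every comparison, so a failed check takes the same time whether the first or the last byte was wrong. The RFC 6238 test vectors (seed `12345678901234567890`, time 59 gives `287082`) can be used to confirm the TOTP arithmetic.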

Integrity

In the world of information security, integrity refers to the accuracy and completeness of data. Security controls focused on integrity are designed to prevent data from being modified, or to make any unauthorized modification detectable, whether it comes from an attacker or from an error. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle. Data must not be changed undetectably in transit or at rest, and precautionary steps must be taken to ensure that data cannot be altered by unauthorized people.

For example, in an attack that compromises integrity, an attacker who can intercept traffic (a man-in-the-middle) may capture data and modify it before forwarding it to the intended recipient. Unless the data carries a cryptographic check that the attacker cannot forge, the recipient has no way to tell.

Some security controls designed to maintain the integrity of information include:

  1. Cryptographic integrity checks: message authentication codes, digital signatures, or authenticated encryption (encryption alone does not protect integrity, since an attacker can often alter ciphertext without knowing the key)
  2. User access controls
  3. Version control
  4. Backup and recovery procedures
  5. Error detection (checksums and error-correcting codes, which catch accidental corruption but not deliberate tampering)
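The man-in-the-middle scenario above, as an added example (not code from the original page): a message sealed with a plain SHA-256 checksum versus one sealed with an HMAC under a key shared by sender and receiver. The transfer payload, the key and the attacker's edit are all constructed for the demonstration.

```python
"""Added example: an unkeyed checksum versus a keyed MAC against an
in-transit modification. Payload, key and the attacker's edit are constructed."""
import hashlib
import hmac
import json
import secrets


def canonical(payload: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum_envelope(payload: dict) -> dict:
    """Naive scheme: append a SHA-256 of the body. Anyone can recompute it."""
    body = canonical(payload)
    return {"body": body.decode("utf-8"), "sha256": hashlib.sha256(body).hexdigest()}


def checksum_verify(envelope: dict) -> bool:
    return hashlib.sha256(envelope["body"].encode("utf-8")).hexdigest() == envelope["sha256"]


def mac_envelope(payload: dict, key: bytes) -> dict:
    """Keyed scheme: HMAC-SHA256 over the body with a secret shared by both ends."""
    body = canonical(payload)
    return {"body": body.decode("utf-8"), "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def mac_verify(envelope: dict, key: bytes) -> bool:
    expected = hmac.new(key, envelope["body"].encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["hmac"])   # constant-time comparison


def intercept_and_modify(envelope: dict, field: str, new_value) -> dict:
    """Man-in-the-middle: change one field and re-seal the message as well as an attacker can."""
    payload = json.loads(envelope["body"])
    payload[field] = new_value
    body = canonical(payload)
    tampered = dict(envelope, body=body.decode("utf-8"))
    if "sha256" in tampered:
        tampered["sha256"] = hashlib.sha256(body).hexdigest()   # an unkeyed hash is trivially recomputed
    # No key, so an HMAC cannot be recomputed; the stale tag is forwarded unchanged.
    return tampered


def demo() -> dict:
    """Run the same edit against both schemes and report which receiver is fooled."""
    key = secrets.token_bytes(32)
    transfer = {"from": "acct-1001", "to": "acct-2002", "amount": 100}   # constructed payload
    plain = intercept_and_modify(checksum_envelope(transfer), "amount", 100000)
    keyed = intercept_and_modify(mac_envelope(transfer, key), "amount", 100000)
    return {
        "checksum_accepts_tampered": checksum_verify(plain),
        "hmac_accepts_tampered": mac_verify(keyed, key),
    }
```

The checksum scheme accepts the tampered transfer because the attacker simply recomputes the hash; the HMAC scheme rejects it because the tag cannot be recomputed without the key. Note what this does and does not give you: the receiver can detect modification, not prevent it, and the two parties must already share a secret. Where they do not, a digital signature plays the same role with a public key. This is also why the first list item above is a MAC, signature or authenticated encryption rather than encryption on its own.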

Availability

Data availability means that information is accessible to authorized users. It provides an assurance that your system and data can be accessed by authenticated users whenever they’re needed. Similar to confidentiality and integrity, availability also holds great value.

Availability is typically associated with reliability and system uptime, which can be impacted by non-malicious issues like hardware failures, unscheduled software downtime, and human error, or malicious issues like cyberattacks and insider threats. If the network goes down unexpectedly, users will not be able to access essential data and applications. Information security policies and security controls address availability concerns by putting various backups and redundancies in place to ensure continuous uptime and business continuity.

Availability tends to be threatened by a wider range of causes than the other two components of the CIA model, because everyday hardware failures, outages and mistakes count alongside deliberate attacks. Making regular off-site backups limits the damage from natural disasters or server failure, provided the backups are tested: a backup that has never been restored is not yet a control. Information only has value if the right people can access it at the right time.

Information security measures for mitigating threats to data availability include:

  1. Off-site backups
  2. Disaster recovery
  3. Redundancy
  4. Failover
  5. Proper monitoring
  6. Environmental controls
  7. Virtualization
  8. Server clustering
  9. Continuity of operations planning
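The monitoring, redundancy and failover items above, as an added example (not code from the original page): a small selector that probes replicas in priority order with a bounded timeout, stops wasting probes on a replica that has failed repeatedly, and exposes the state an alert would read. The replica names and the simulated probe behaviours are constructed; a real probe would open a TCP connection or request a health endpoint.

```python
"""Added example: health-checked failover across redundant replicas.
Replica names and probe behaviours are constructed stand-ins."""
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional
import time


@dataclass
class Replica:
    name: str
    probe: Callable[[], bool]      # health check: True when healthy; may raise or hang
    failures: int = 0              # consecutive failed probes (monitoring state)
    tripped_at: float = 0.0        # when this replica was marked down
    last_error: str = ""


@dataclass
class FailoverPool:
    replicas: List[Replica]            # priority order: primary first, standbys after
    probe_timeout: float = 0.5         # seconds; a hung probe must not hang the caller too
    trip_after: int = 3                # consecutive failures before a replica is marked down
    retry_after: float = 30.0          # seconds before a marked-down replica is probed again
    _pool: ThreadPoolExecutor = field(default_factory=lambda: ThreadPoolExecutor(max_workers=4))

    def _check(self, r: Replica) -> bool:
        future = self._pool.submit(r.probe)
        try:
            ok = bool(future.result(timeout=self.probe_timeout))
            r.last_error = "" if ok else "unhealthy response"
        except FutureTimeout:
            ok, r.last_error = False, "probe timed out"
        except Exception as exc:       # a crashing probe is an unhealthy replica, not a crash for us
            ok, r.last_error = False, repr(exc)
        if ok:
            r.failures = 0
        else:
            r.failures += 1
            if r.failures >= self.trip_after:
                r.tripped_at = time.monotonic()
        return ok

    def select(self) -> Optional[Replica]:
        """Return the first healthy replica in priority order, or None if every replica is down."""
        for r in self.replicas:
            if r.failures >= self.trip_after and time.monotonic() - r.tripped_at < self.retry_after:
                continue               # circuit open: skip a known-dead replica without probing it
            if self._check(r):
                return r
        return None

    def status(self) -> Dict[str, dict]:
        """Monitoring view: the counters an alerting rule would read."""
        return {r.name: {"failures": r.failures, "error": r.last_error} for r in self.replicas}


def simulated_probe(behaviour: str) -> Callable[[], bool]:
    """Constructed stand-ins for real health checks (TCP connect, HTTP GET /health)."""
    def probe() -> bool:
        if behaviour == "refused":
            raise ConnectionRefusedError("connection refused")
        if behaviour == "hung":
            time.sleep(2.0)            # a host that accepts the connection but never answers
        return behaviour != "unhealthy"
    return probe


def demo() -> dict:
    """Primary refuses, first standby hangs, second standby is healthy: traffic must land on it."""
    pool = FailoverPool([
        Replica("primary", simulated_probe("refused")),
        Replica("replica-1", simulated_probe("hung")),
        Replica("replica-2", simulated_probe("healthy")),
    ], probe_timeout=0.2)
    chosen = [pool.select().name for _ in range(4)]
    return {"chosen": chosen, "status": pool.status()}
```

The timeout is the important part. Without it, a replica that accepts connections but never answers takes the selecting service down with it, turning one failure into an outage of the layer in front. The circuit-breaker state also stops a half-dead primary from being re-probed on every request, which is how monitoring and failover feed each other.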

Information Security Basics: Biometric Technology

Multifactor authentication that includes a biometric factor is one of the most effective forms of logical security available to organizations. By requiring users to verify their identity with biometric credentials (such as fingerprint or facial recognition scans) in addition to something they know or hold, you gain strong assurance that the people accessing and handling data and documents are who they claim to be. Two caveats apply: a biometric cannot be changed if the stored template leaks, so templates need the same protection as any other secret, and a biometric should be one factor among several rather than the only one.

Biometric technology is particularly effective when it comes to document security and e-Signature verification. Continuous authentication scanning can also mitigate the risk of “screen snoopers” and visual hacking, which goes a long way toward meeting the confidentiality requirement of the CIA model.

At Smart Eye Technology, we’ve made biometrics the cornerstone of our security controls. With our revolutionary technology, you can enhance your document security, easily authenticate e-Signatures, and cover multiple information security basics in a single, easy-to-use solution. To get a hands-on look at what biometric authentication can do for your security controls, download the Smart Eye mobile app today or contact our information security experts to schedule a demo.

It’s easy to protect data that is valuable only to you. You could store your pictures, ideas or notes on an encrypted thumb drive, locked away in a spot where only you have the key.

But companies and organizations have to deal with this on a vast scale. After all, it’s the company data—products, customer and employee details, ideas, research, experiments—that make your company useful and valuable. (The “assets” we normally think of, like hardware and software, are simply the tools that allow you to work with and save your company data.)

So, how does an organization go about protecting this data? Certainly, there are security strategies and technology solutions that can help, but one concept underpins them all: the CIA security triad.

This concept combines three components—confidentiality, integrity, and availability—to help guide security measures, controls, and overall strategy. Let’s take a look.



Defining CIA in security

The CIA triad represents the functions of your information systems. Your information system encompasses both your computer systems and your data. Ben Dynkin, Co-Founder & CEO of Atlas Cybersecurity, explains that these are the functions that can be attacked—which means these are the functions you must defend.

The CIA security triad is comprised of three functions:

  • Confidentiality. A system’s ability to ensure that only the correct, authorized user/system/resource can view, access, change, or otherwise use data.
  • Integrity. A system’s ability to ensure that the system and information is accurate and correct.
  • Availability. A system’s ability to ensure that systems, information, and services are available the vast majority of time.

Let’s look at each in more detail.

Confidentiality

In a non-security sense, confidentiality is your ability to keep something secret. In the real world, we might hang up blinds or put curtains on our windows. We might ask a friend to keep a secret. Confidentiality also comes into play with technology. It can play out differently on a personal-use level, where we use VPNs or encryption for our own privacy-seeking sake. We might turn off in-home devices that are always listening.

But in enterprise security, confidentiality is breached when an unauthorized person can view, take, and/or change your files. Confidentiality is significant because your company wants to protect its competitive edge—the intangible assets that make your company stand out from your competition.

Integrity

In computer systems, integrity means that the results of that system are precise and factual. In the data world, it’s known as data trustworthiness—can you trust the results of your data, of your computer systems?

When securing any information system, integrity is one function that you’re trying to protect. You don’t want bad actors or human error to, on purpose or accidentally, ruin the integrity of your computer systems and their results.

Availability

Availability is a term widely used in IT: the availability of resources to support your services. In security, availability means that authorized people have timely access to your information systems when they need it. If a user with privileged access cannot reach her dedicated computer, then there is no availability.

Availability is a large issue in security because it can be attacked directly. An attack on your availability could limit user access to some or all of your services, leaving you scrambling to clean up the mess and limit the downtime.

The CIA triad in enterprise security

OK, so we have the concepts down, but what do we do with the triad?

At its core, the CIA triad is a security model that you can—should—follow in order to protect information stored in on-premises computer systems or in the cloud. It helps you:

  • Keep information secret (Confidentiality)
  • Maintain the expected, accurate state of that information (Integrity)
  • Ensure your information and services are up and running (Availability)

It’s a balance: no security team can 100% ensure that confidentiality, integrity, and availability can never be breached, no matter the cause.


Instead, security professionals use the CIA triad to understand and assess your organizational risks. Dynkin suggests breaking down every potential threat, attack, and vulnerability into any one function of the triad. For example:

  • A data breach attacks the confidentiality of your data.
  • A ransomware incident attacks the availability of your information systems.

Understanding what is being attacked is how you can build protection against that attack. Take the case of ransomware—all security professionals want to stop ransomware. Where we tend to view ransomware broadly, as some “esoteric malware attack”, Dynkin says we should view it as an attack designed specifically to limit your availability.

When you think of this as an attempt to limit availability, he told me, you can take additional mitigation steps than you might have if you were only trying to “stop ransomware”.

The triad can help you drill down into specific controls. It also applies at a strategy and policy level. Dynkin continues: When you understand the CIA triad, you can expand your view of security “beyond the specific minutiae (which is still critically important) and focus on an organizational approach to information security.”

Prioritize each thing you need to protect based on how severe the consequences would be if confidentiality, integrity, or availability were breached. For example, how might each event here breach one part or more of the CIA triad:

  • A service interruption (availability): An attacker could interrupt your access as a bargaining chip for something else.
  • Interception (confidentiality, and availability if the messages are blocked): An attacker could block or hijack your emails to learn about company activity.
  • Modification or fabrication (integrity): An attacker could modify or fake your information.

What if an incident breaches two functions at once? Ransomware that exfiltrates data before encrypting it is a common example: it attacks availability and confidentiality together. Consider, plan for, and take actions to improve each security property as much as possible. For example, having backups (redundancy) improves overall availability. If some system’s availability is attacked, you already have a backup ready to go, as long as the backup itself is kept out of the attacker’s reach.

CIA triad in action

You’ll know that your security team is putting forth some security for the CIA triad when you see things like:

  • Limits on administrator rights
  • Inability to use your own, unknown devices
  • The use of VPN to access certain sensitive company information

Anything that is an asset—tangible hardware and software, intangible knowledge and talent—should in some way be protected by your security team. And that is the work of the security team: to protect any asset that the company deems valuable. And it’s clearly not an easy project.

Additional security properties

Security professionals already know that computer security doesn’t stop with the CIA triad. ISO 7498-2 (the OSI security architecture) defines five security services: authentication, access control, data confidentiality, data integrity, and non-repudiation. The two not already covered by the triad are:

  • Authentication: The ability of your systems to confirm an identity, whether of a user, a peer system, or the origin of a message.
  • Non-repudiation, which supports accountability: The ability of your systems to prove that a message or action originated from a given party, so that the party cannot later deny it. It is an assurance about data’s origin and integrity, typically provided by digital signatures.

Confidentiality, integrity, availability

These three components are the cornerstone for any security professional, the purpose of any security team. John Svazic, Founder of EliteSec, says that the CIA triad “acts as touchpoints for any type of security work being performed”. That is, it’s a way for SecOps professionals to answer:

How is the work we’re doing actively improving one of these factors?

When your company builds out a security program, or adds a security control, you can use the CIA triad to justify the need for controls you’re implementing. Always draw your security actions back to one or more of the CIA components.

That’s why Svazic considers the CIA triad “a useful ‘yardstick’” that helps you ensure the controls you are implementing are actually useful and necessary—not a placebo.

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.
