I know of three CIAs:
- The Central Intelligence Agency (CIA)
- The Hudson Valley's Culinary Institute of America (CIA)
- The Triad of Information Security - Confidentiality, Integrity, and Availability (CIA)
The first chapter of every Certified Information Systems Security Professional (CISSP) training is always about this Triad of Information Security. It is the foundational concept that everything else we do is based upon. It is pounded into our brains. Here is a pretty good definition of what CIA means:
- Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be controlled to prevent the unauthorized sharing of data—whether intentional or accidental. A key component of maintaining confidentiality is making sure that people without proper authorization are prevented from accessing assets important to your business. Conversely, an effective system also ensures that those who need to have access have the necessary privileges.
- Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is maintained only if the data is authentic, accurate, and reliable.
- Availability means that even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in the organization and the customers they serve. This means that systems, networks, and applications must be functioning as they should and when they should. Also, individuals with access to specific information must be able to consume it when they need to, and getting to the data should not take an inordinate amount of time.
These are the basic standards that we must use to evaluate everything we do and provide our users with a safe, secure, and useable environment that helps them accomplish their objectives.
Keep these concepts top of mind in everything you do.
-Scott Quimby, CISSP
You must be logged in to post a comment.