
The CIA triad is the essence of security. If anyone asks you to define security, how will you define it?

There are basically three dimensions in which security can be defined.

  1. Confidentiality
  2. Integrity
  3. Availability

Security lies in the right balance of all three elements of the triad.

Confidentiality

Think about a piece of information. It can be any kind of data. Let’s say a password, so your password is stored on a website.
Now suppose an attacker compromises the website and is able to see your password. This is called a confidentiality breach: the attacker is able to see data he is not authorized to see. The key phrase is unauthorized access. Whenever an unauthorized person is able to access some information, that is a confidentiality breach.

Integrity

Integrity is all about alteration. Think about the same situation, where an attacker is able to compromise the website. Take a normal real-life case in which the password is not stored on the website in clear text; the password is encrypted. The attacker may not be able to see your password, but maybe he can modify it.
Integrity can also be applied to physical systems. For example, you have a computer with some hardware, let’s say 2 GB of RAM and a 1 TB hard disk. Now an attacker comes and modifies some of the hardware. This is also damage to integrity, because your system hardware has changed.
So it’s all about unauthorized alteration.
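
An added example (not part of the original article) of the point above: a password field the attacker cannot read can still be replaced, so the stored record needs its own integrity check. This Python code assumes an HMAC key kept outside the database; the function names and the sample blobs are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: this key lives outside the database (for example in a KMS),
# so compromising the website's database does not reveal it.
INTEGRITY_KEY = os.urandom(32)


def _tag(username: str, blob: bytes) -> bytes:
    # Length-prefix the username so ("ab", b"c") and ("a", b"bc") cannot collide.
    user = username.encode()
    msg = len(user).to_bytes(4, "big") + user + blob
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).digest()


def seal(username: str, protected_password: bytes) -> dict:
    """Store the opaque password blob with a tag bound to its owner."""
    return {"user": username, "blob": protected_password,
            "tag": _tag(username, protected_password)}


def is_unaltered(record: dict) -> bool:
    """True only if user and blob are exactly what seal() stored."""
    expected = _tag(record["user"], record["blob"])
    return hmac.compare_digest(expected, record["tag"])


def classify(record: dict) -> str:
    return "ok" if is_unaltered(record) else "integrity violation"


def demo() -> dict:
    # Constructed sample blobs standing in for encrypted passwords.
    alice = seal("alice", bytes.fromhex("a1" * 16))
    bob = seal("bob", bytes.fromhex("b2" * 16))
    # The blob is overwritten without ever being read.
    overwritten = dict(alice, blob=bob["blob"])
    # Blob and tag are both copied from another user's valid record.
    swapped = dict(alice, blob=bob["blob"], tag=bob["tag"])
    return {"untouched": classify(alice),
            "overwritten": classify(overwritten),
            "swapped": classify(swapped)}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Because the tag covers the username as well as the blob, copying another user's valid blob and tag into the record is also reported as an alteration.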

 

Availability

Availability is about something being available to use.
For example, the attacker simply compromises the whole website, resulting in a denial of service. You cannot go ahead and use that website because it is down, so the availability of that website is damaged for you. It’s all about unauthorized destruction.
A physical security example: you have a computer, and it short-circuits. Now the system is unavailable to everyone. You can’t use it because it is damaged, so the availability component is damaged.

Conclusion

So security is not only about attacking systems and compromising things; it’s all about the three basic elements: unauthorized access, which falls under confidentiality; unauthorized alteration, which falls under integrity; and unauthorized destruction, which falls under availability.

DAD – NEGATIVE

Disclosure, Alteration, and Destruction

DAD is the opposite of the CIA triad.
Disclosure is the opposite of confidentiality, alteration the opposite of integrity, and destruction the opposite of availability.

So this is how security can be defined: either you define it using the CIA triad, or you use DAD.

P.S. This article is from my Last Week CISSP Book, available on Amazon.
Check my Free Training Program at sagarbansal.com/cissp
