The CIA triad is the essence of security. If anyone asks you to define security, how will you define it?
There are basically three dimensions in which security can be defined.
Security lies in the perfect balance of all three triad elements.
Confidentiality is all about access to information, which can be any kind of data. Let’s say a password: your password is stored on a website.
Now suppose an attacker compromises the website and is able to see your password. This is called a confidentiality breach: the attacker is able to see data he is not authorized to see. The key phrase is unauthorized access. Whenever an unauthorized person is able to access some information, that is called a confidentiality breach.
Integrity is all about alteration. Think about the same situation, where an attacker is able to compromise the website. To take a normal real-life example, the password is not stored on the website in clear text; it is encrypted. So the attacker may not be able to see your password, but maybe he can modify it.
Integrity also applies to physical systems. For example, you have a computer with some hardware, let’s say 2 GB of RAM and a 1 TB hard disk. Now an attacker comes and modifies some of the hardware. This is also damage to integrity, because your system hardware has changed.
So it’s all about the unauthorized alteration.
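The password scenario above, as an added example that is not part of the original text: the stored password is never disclosed, yet overwriting it still breaks integrity unless the record carries a check. The PBKDF2 storage, the HMAC tag, the record layout and all names and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumption: this key is kept outside the database, so someone who can only
# write to the database cannot recompute a valid tag.
INTEGRITY_KEY = os.urandom(32)

def protect(password: str, salt: bytes) -> bytes:
    """Stored form of the password: a salted PBKDF2 hash, never clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def tag(user: str, salt: bytes, stored: bytes) -> bytes:
    """Integrity tag that binds the stored value to its user and salt."""
    msg = user.encode() + b"\x00" + salt + stored
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).digest()

def make_record(user: str, password: str) -> dict:
    salt = os.urandom(16)
    stored = protect(password, salt)
    return {"user": user, "salt": salt, "stored": stored,
            "tag": tag(user, salt, stored)}

def login(record: dict, password: str, check_integrity: bool) -> str:
    if check_integrity:
        expected = tag(record["user"], record["salt"], record["stored"])
        if not hmac.compare_digest(expected, record["tag"]):
            return "altered"  # unauthorized alteration detected
    candidate = protect(password, record["salt"])
    return "ok" if hmac.compare_digest(candidate, record["stored"]) else "denied"

def demo() -> dict:
    record = make_record("alice", "correct horse")  # constructed sample data
    # Unauthorized alteration: the stored value is overwritten with the
    # protected form of a different password. Nothing was disclosed.
    record["stored"] = protect("intruder-choice", record["salt"])
    return {
        "without_check": login(record, "intruder-choice", False),
        "with_check": login(record, "intruder-choice", True),
        "owner": login(record, "correct horse", False),
    }

if __name__ == "__main__":
    print(demo())
```

Without the tag check the altered record is accepted and the real owner is denied; with it, the alteration is reported before any password comparison happens.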
Availability is like being available for something.
For example, the attacker simply compromises the whole website, resulting in a denial of service. You cannot go ahead and use that website because it is down. So the availability of that website is damaged for you. It’s all about unauthorized destruction.
A physical security example here: you have a computer, and it short-circuits. The system is now unavailable to everyone. You can’t use it because it is damaged, so the availability component is damaged.
So security is not only about attacking the system and compromising things; it’s all about the three basic elements: unauthorized access, which falls under confidentiality; unauthorized alteration, which falls under integrity; and unauthorized destruction, which falls under availability.
DAD – NEGATIVE
Disclosure, Alteration, and Destruction
The opposite of the CIA triad.
Disclosure is the opposite of confidentiality, alteration is the opposite of integrity, and destruction is the opposite of availability.
So this is how security can be defined: either you define it using the CIA triad, or you use DAD.