C.I.A. Triad
key characteristics of information that make it valuable to an organization
Definition
The industry standard for computer security, based on three characteristics: confidentiality, integrity, and availability.
Availability
Definition
authorized users have access to information in a usable format, without interference or obstruction
Availability does not imply that the information is accessible to any user; rather, it means it can be accessed when needed by authorized users.
Identification
Definition
when an information system is able to recognize individual users
How it is performed
user name or ID
It is the first step in gaining access to secured material, and it serves as the foundation for authentication and authorization.
Identification is nothing more than claiming you are somebody.
Confidentiality
Definition
limiting access to only those with sufficient privileges and a demonstrated need to access it
Disclosure
Confidentiality is breached, intentionally or unintentionally, when an information asset is exposed to unauthorized parties.
Ex:
confidential information could be mistakenly e-mailed to someone outside the organization rather than the intended person inside the organization
employee discards, rather than destroys, a document containing critical information.
hacker successfully breaks into a Web-based organization’s internal database and steals sensitive information about clients
To protect the confidentiality of information
Information classification
Cryptography (encryption)
Application of security policies
End-user education
Secure document storage
General points
Confidentiality is closely related to another key characteristic, privacy.
In an organization, confidentiality of information is especially important for personal information about employees, customers, or patients.
Integrity
Definition
describes how data is whole, complete, and uncorrupted.
When it is threatened
when it is exposed to corruption, damage, or other disruption of its authentic state.
When corruption can occur
while information is being entered, stored, or transmitted.
Examples of integrity violation
viruses and worms designed to corrupt data
Faulty programming or noise in the transmission channel.
How to protect integrity
Use redundancy bits and check bits during each transmission, hash values, and error-correcting codes (algorithms that detect, and in some cases repair, changes to the data).
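Added example (not from the original page): the integrity checks listed above applied to a constructed message. A single redundancy (parity) bit catches one flipped bit of channel noise but misses two; a SHA-256 hash catches both. Neither catches an attacker who rewrites the message and recomputes the unkeyed hash; a keyed hash (HMAC with a key the attacker does not hold) does. The message and key are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample message and shared secret (not from the original page).
MESSAGE = b"Transfer 100.00 to account 12345"
KEY = b"shared-secret-between-sender-and-receiver"


def parity_bit(data: bytes) -> int:
    """Redundancy/check bit: 1 if the number of set bits in data is odd."""
    return sum(bin(b).count("1") for b in data) % 2


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate channel noise (or tampering) by flipping one bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def parity_detects(original: bytes, received: bytes) -> bool:
    """True if a parity check flags the received data as changed."""
    return parity_bit(original) != parity_bit(received)


def digest_detects(original: bytes, received: bytes) -> bool:
    """True if an unkeyed SHA-256 digest flags the received data as changed."""
    return hashlib.sha256(original).digest() != hashlib.sha256(received).digest()


def unkeyed_check(data: bytes, digest: bytes) -> bool:
    """Receiver-side check with an unkeyed hash sent alongside the data."""
    return hashlib.sha256(data).digest() == digest


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256): only a key holder can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, received_tag: bytes) -> bool:
    """Constant-time comparison of the expected tag against the received one."""
    return hmac.compare_digest(tag(key, data), received_tag)


if __name__ == "__main__":
    one_flip = flip_bit(MESSAGE, 3)
    two_flips = flip_bit(one_flip, 9)
    print("1 bit flipped: parity", parity_detects(MESSAGE, one_flip),
          "digest", digest_detects(MESSAGE, one_flip))
    print("2 bits flipped: parity", parity_detects(MESSAGE, two_flips),
          "digest", digest_detects(MESSAGE, two_flips))
    # Deliberate tampering: attacker rewrites the message and recomputes the hash.
    tampered = b"Transfer 900.00 to account 12345"
    print("unkeyed hash accepts forgery:", unkeyed_check(tampered, hashlib.sha256(tampered).digest()))
    print("HMAC accepts forgery:", verify_tag(KEY, tampered, tag(KEY, MESSAGE)))
```

Parity and plain hashes address accidental corruption (noise, faulty code); protecting integrity against an adversary needs a key the adversary lacks, as the HMAC branch shows.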
Authorization
Definition
mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.
Examples of authorization
The access control lists and authorization groups in a networking environment.
The database authorization scheme to verify that the user of an application is authorized for specific functions, such as reading, writing, creating, and deleting.
General points
Present-day needs have made these three characteristics inadequate on their own to conceptualize InfoSec: they are limited in scope and cannot cover today's constantly changing IT environment.
The model has therefore been expanded into a more comprehensive list of characteristics, adding privacy, identification, authentication, authorization, and accountability.
Authentication
Definition
how one proves that they are who they say they are.
Examples of authentication mechanisms
-password
-personal identification number (PIN)
-Secure Sockets Layer (SSL) connection (authenticating the endpoint by certificate)
-cryptographic hardware devices such as RSA’s SecurID.
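Added example (not from the original page): password and PIN authentication built on the identification step above. The user name is the claim; the password proves it. The store holds only a salted, iterated hash (PBKDF2-HMAC-SHA256) so a leaked store does not reveal the secret, and comparison is constant-time. The user store and credentials are constructed for the demonstration; the iteration count is an assumption.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; raise it as hardware improves.
ITERATIONS = 600_000
SALT_LEN = 16


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from a password or PIN and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


def register(store: dict, username: str, secret: str) -> None:
    """Identification record: user name -> (salt, hash). The secret itself is never stored."""
    salt = os.urandom(SALT_LEN)
    store[username] = (salt, hash_secret(secret, salt))


def authenticate(store: dict, username: str, secret: str) -> bool:
    """Identification is the username claim; authentication is proving it with the secret."""
    record = store.get(username)
    if record is None:
        # Unknown user: still do the hashing work so response time does not
        # reveal whether the user name exists.
        hash_secret(secret, b"\x00" * SALT_LEN)
        return False
    salt, expected = record
    return hmac.compare_digest(hash_secret(secret, salt), expected)


def build_demo_store() -> dict:
    """Constructed user store with one password user and one PIN user."""
    store = {}
    register(store, "alice", "correct horse battery staple")
    register(store, "bob", "4821")  # a PIN is just a short secret, same handling
    return store


if __name__ == "__main__":
    users = build_demo_store()
    print("alice, right password:", authenticate(users, "alice", "correct horse battery staple"))
    print("alice, wrong password:", authenticate(users, "alice", "password1"))
    print("bob, right PIN:", authenticate(users, "bob", "4821"))
    print("unknown user:", authenticate(users, "mallory", "anything"))
```

A short PIN survives only because the store is not offline-guessable at this cost per guess and online attempts are rate-limited elsewhere; the hashing alone does not make a four-digit secret strong.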
Accountability
Definition
all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability.
Privacy
Definition
information will be used only in ways approved by the person who provided it
Privacy violation examples:
Today, it is possible to collect and combine personal information from several different sources, known as information aggregation, which has resulted in databases containing data that could be used in ways the original data owner has not agreed to or does not even know about.
Information aggregation: pieces of non-private data that, when combined, may create information that violates privacy.
Information aggregation is not the same as aggregate information.