What are the 3 principles of information security? And what are some examples that help us understand them?
In this article, we will learn more about the importance of the 3 principles of InfoSec: confidentiality, integrity, and availability.
What Are the 3 Principles of Information Security?
You may have heard of the term CIA before. In the information security community, it has nothing to do with the US intelligence agency.
CIA in InfoSec means confidentiality, integrity, and availability. That is why it is better known as the CIA triad.
Well, what does this triad do? Together, these three form the basic components of any organization’s security.
The CIA triad also functions as the security goals and objectives of every company. So, they can refer to it whenever an incident occurs, including:
- leaked data
- attacked computer systems
- a user taking phishing bait
- a hijacked account
- a website maliciously taken down
- any other security incident
In fact, security professionals examine threats in terms of the confidentiality, integrity, and availability of information, especially the organization’s data, apps, and systems.
In the next sections, we’ll explain each of these principles in detail and look at real-world applications.
Information Security Principle #1: Confidentiality
When we say confidentiality, it means keeping something private or secret. In InfoSec, it’s about controlling data access, so that organizations can prevent unauthorized disclosure of data.
In other words, only those who are authorized can see or access some information. In contrast, those who are not allowed to see or access it are actively prevented from doing so.
For example, customers expect that their personal information is protected from hackers. This includes their credit card, contact, shipping, and other personal information.
By controlling access to this data, organizations can prevent security breaches and other incidents. After all, we know how damaging breaches are.
Information Security Principle #2: Integrity
Second, integrity means keeping information secure at all times, so that it is reliable, correct, and complete.
In other words, information should not be tampered with or removed, so that it can be trusted.
For example, customers expect product and pricing information to be accurate. The prices they see in the online store should be the same prices they are charged at checkout.
Banking clients likewise entrust their account balances to the bank. If they have already paid off a loan, the balance should reflect that, and not the reverse.
Finally, integrity should also protect data in use and in transit. “In transit” includes sending an email, or simply uploading or downloading a file.
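The checkout example above, as an added illustration that is not part of the original article: the shop attaches a keyed hash (HMAC) to each price it displays, so that at checkout it can detect any line whose price was altered after it left the server. The key, item fields and function names are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment it comes from a secrets store,
# never from source code.
SERVER_KEY = b"demo-key-for-illustration-only"


def _canonical(item: dict) -> bytes:
    # Stable serialization so the same item always produces the same bytes.
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()


def sign_cart_item(item: dict, key: bytes = SERVER_KEY) -> dict:
    """Server side, when the price is shown: attach an HMAC-SHA256 tag."""
    tag = hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()
    return {"item": item, "tag": tag}


def verify_cart_item(signed: dict, key: bytes = SERVER_KEY) -> bool:
    """Server side, at checkout: recompute the tag and compare in constant time."""
    expected = hmac.new(key, _canonical(signed["item"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("tag", ""))


def checkout_total_cents(signed_items: list) -> int:
    """Total only lines that verify; refuse the whole order if any line was altered."""
    total = 0
    for signed in signed_items:
        if not verify_cart_item(signed):
            sku = signed["item"].get("sku", "?")
            raise ValueError(f"integrity check failed for {sku}")
        total += signed["item"]["price_cents"] * signed["item"]["qty"]
    return total


if __name__ == "__main__":
    # Constructed cart: exactly what the shop displayed to the customer.
    cart = [sign_cart_item({"sku": "A100", "price_cents": 4999, "qty": 1}),
            sign_cart_item({"sku": "B200", "price_cents": 1500, "qty": 2})]
    print("honest checkout:", checkout_total_cents(cart))  # 7999

    # The same cart, but one price no longer matches what was displayed.
    altered = {"item": dict(cart[0]["item"], price_cents=1), "tag": cart[0]["tag"]}
    try:
        checkout_total_cents([altered, cart[1]])
    except ValueError as err:
        print("rejected:", err)
```

The tag covers every field of the line, so changing the SKU or quantity is caught the same way as changing the price.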
Information Security Principle #3: Availability
Availability means keeping networks and systems up and running. Why? Because information is useless if organizations can’t access it when needed.
So, authorized users should have timely access. In business, high availability is a good thing, because users can readily reach what they need.
Of course, many incidents can affect the availability of information. For example, hardware or software failure, power failure, natural disasters, and human error.
Another well-known threat is the denial-of-service attack, in which attackers bring down servers so that users are denied access to them.
As a result, employees and customers can’t access data. Even big companies like Microsoft and Sony have suffered from it.