We’re going to talk about the CIA today. This CIA has no contact with the Central Intelligence Agency. This CIA is a widely used information security model that can guide an organization’s efforts and policies toward data security rather than US national security.

Confidentiality, Integrity, and Availability are the three letters that make up the acronym CIA. In the area of information security, it’s also known as the CID trinity. The ultimate goal of data security is to ensure the confidentiality, integrity, and availability of essential and sensitive data.

Confidentiality: Confidentiality ensures that only the appropriate users have access to the system and data at the appropriate times. To put it another way, unauthorized users should not have access to the system, data, or resources.

Control: Data classification, keeping certain files inaccessible [only read mode enabled], and correct disposal of equipment such as USB drives, DVDs, and papers are all examples of confidentiality control. Organizations can use encryption to protect data from both accidental disclosure and intentional attacks. Another way to guarantee confidentiality is to use two-factor authentication. To commence the transaction, customers must provide their user credentials as well as an OTP [One Time Password], which is delivered to them through SMS or email. Biometric verification is also commonly utilized to maintain confidentiality.

Integrity: Integrity refers to the accuracy and completeness of the systems and data. Integrity is the assurance that data or resources are sufficiently correct for their intended use, as well as the prevention of improper and unauthorized alterations. The ATM and bank software ensure data integrity by maintaining all transfer and withdrawal records made via the ATM in the user’s bank accounting.

Controls: A checksum (a number generated by a mathematical function to verify that a specific block of data has not been modified) and access control are examples of data integrity measures (which ensures that only authorized people can update, add, or delete data). The most generally used controls to protect data integrity are encryption, user access controls, version control, backup and recovery methods, and error detection software.

Availability: The guarantee that the systems in charge of providing, storing, and processing information are available when needed by authorized users is known as availability.

Control: Disk arrays for redundant systems and clustered machines, antivirus software to combat malware, and distributed denial-of-service (DDoS) prevention systems, Off-site backups, Disaster recovery planning, Redundancy, Failover, and Continuity of operations planning are all examples of data availability measures.

Apart from that, two important concepts that have been used widely are Authencity and 

Authenticity: Authenticity refers to the quality of being authentic or uncorrupted in communication, documentation, or other data. Authentication’s main purpose is to ensure that a user is legitimate.

Control: Data, transactions, communications, and documents are authenticated using biometrics, smart cards, and digital certificates.

Non-repudiation: The certainty that someone cannot deny the legitimacy of anything is known as non-repudiation. Non-repudiation is a legal concept that is extensively employed in the field of information security and refers to a service that gives confirmation of data’s origin and integrity. Non-repudiation, in other words, makes it very impossible to successfully dispute who/where a message came from, as well as its legitimacy and integrity.

Control: Digital signatures are used by individuals and organizations to assure non-repudiation.