top of page
  • Writer's pictureBrian

CIA Triad

One foundational information security principle is the CIA triad. The CIA triad refers to the confidentiality, integrity, and availability of any resource you attempt to secure. In the book Foundations of Information Security, Andress (2019) explained how each of the parts of the CIA triad relates to a resource's security. Confidentiality is relevant because it determines who can access the resource. Integrity is relevant because a resource should not experience any unauthorized changes. Accessibility is relevant because these resources will still need to be accessed when needed (Andress, 2019).

 

Parkerian Hexad


Don Parker introduced a model which improved the CIA triad by incorporating three additional variables. Those variables are possession, control, and authenticity. Possession is related to where the data or resource is located and who has access to the physical location where the data is stored. Authenticity is associated with the attribution of the data or resource. If data or resources cannot be attributed to the proper owner, then they lack authenticity. Utility refers to how often the data is intended to be used in addition to the value it provides (Andress, 2019).

 

These principles are considered foundational because cyber-attacks involve the manipulation of one or more of these elements.

 

The Center for Internet Security (CIS), which is home to the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), published an Elections Security Spotlight about the CIA triad. In the blog post, the Center for Internet Security mapped a CIS Control to each of the elements of the CIA triad. CIS Control 14 ensures confidentiality by controlling access on a need-to-know basis. CIS Control 13 ensures data integrity by protecting the chain of custody for core devices. CIS Control 10 ensures availability by maintaining the capability to perform data recovery (CIS, 2018).


References

Andress, J. (2019). Foundations of Information Security. No Starch Press

Center for Internet Security (2018). Elections Security Spotlight – CIA Triad.

https://www.cisecurity.org/spotlight/ei-isac-cybersecurity-spotlight-cia-triad/

26 views0 comments

Recent Posts

See All

Comments


bottom of page