CIA Triad Notes

Two Big 'A's in Confidentiality

Authentication - verifying that a person is who they say they are

Examples include passwords, two-factor authentication, biometric scans

Authorization - determining if a person should have access to data
To keep information safe, most organization use a "need to know" policy when granting access to information

Confidentiality Examples

• Strong Password

• Two-factor authentication

• biometric scanning

Digital Security

• Using a key or ID badge to get into a secure building or room

​Physical Security

Integrity Examples

Data that should have integrity:
- Medical Records
- Bank accounts
- Class grades
- Applications (job, college, mortgage, etc.)

Confidentiality methods can also protect integrity. You can't change/delete data if you can't access it.

Example: Sharing a GoogleDoc as "read-only" prevents the wrong people from editing

What is Encryption?

Data encryption is a way to keep important information safe. It changes the data into a secret code that only certain people can understand. This is important because it keeps our private information secure. Even if someone bad gets their hands on the data, they won't be able to read it. Encryption helps protect our information when it's stored and when it's being sent from one place to another. If someone tries to look at the data without permission, it will just look like a bunch of random letters and numbers, like a jumble of random stuff.

Availability

• Website doesn't load when too many people visit it

• Files saved on only one hard drive are lost when it is damaged

Poor Examples ❌

• App on your phone works when you open it

• Phone automatically updates to the most recent operating system

Good Examples ✅

Why is the CIA Triad important?

Keeping Data Secure

• Avoid loss of sensitive information

• Protect people from fraud, phishing, and identity left

• Prevent profit loss and reputation of businesses

• Avoid legal consequences for mishandling data