What is CIA triad, security threats and AAA in cyber security
Table of Contents
This articles help you to learn about CIA triad in information security, different types of security threats and AAA in cyber security.
What is CIA Triad
There are three components present for maintaining good security. They are:
- Confidentiality: Only authorised person can access the data. For instance, if you want to view your bank balance, you need to provide username and password to view your balance , the username and password acts as confidentiality.
- Integrity: Data should not be modified by unauthorised person. Only the authorised person can make change to the data.
- Availability: Data should be available to access by the users all the time. If you can’t able to access the data when needed, then its a problem for the businesses.
Only when all three components are in place, it is said to be good security. For instance, if you have good integrity and confidentiality but lacks availability, then it is not good security practice.
AAA of security
The three A’s stands for:
- Authentication: Providing proof for your identity and confirmed by the system is authentication. Different methods of authentications are Something you know(Username or Password), Something you are(fingerprint or eye scan), Something you have(credit card or token),something you do(the way you sign your name), somewhere you are(GPS).
- Authorisation: It is when a person is given privilege to access certain data. Only authorised person should be able to access the sensitive data.
- Accounting: Tracking of data, resources and network usage. This can be useful when there is a breach, you can have a look at the log files to identify who and how the breach happened.
We will cover four major security threats in this section:
- Malware: A malicious software when installed can gain access to your system. Malware can be things such as Trojan, viruses, worms, spyware, rootkits, adware, ransomware and so on.
- Unauthorised Access: When a piece of data is accessed by an unauthorised person without the knowledge of the owner is known as unauthorised access.
- System failure: When an application fails or the system crashes is known as a system failure.
- Social Engineering: Social engineering in simple terms is influencing people to do an action to gain their confidential information. This is the most common type of attack used by cyber criminals to manipulate an user to give their password, credit card number, national security number and more.
There are different ways to mitigate the threats from occurring. They are:
- Physical controls: This can be surveillance camera, security guards, identity card and alarm system which can be placed unauthorised people to enter the building.
- Technical controls: This can be Intrusion detection system, access control list, network authentication, encryption and so on. This helps to monitor and control the traffic in their network.
- Administrative control: These are security awareness training, policies, incident response management, disaster recovery management and procedures. There are two types of administrative controls, they are procedural and legal controls. An organisation can choose procedural control on its own. Legal controls that have to be done because of the lawsuit.
Other Article: What is malware and virus| Types of malware and virus