CIA, a convenient reminder

Q. What is CIA?

Confidentiality:

is:

  • who can access
  • how data is classified

enforced via:

  • file permissions
  • encryption (how data is transferred & stored)
  • secrecy (what you know)
  • isolation (from network or in vault)
  • Bell-LaPadula model

Integrity (of data):

is:

  • who can change data
  • verify data has not changed
  • know data has been changed

enforced via:

  • permissions
  • hashing (traceability)
  • digital signatures
  • wax seals
  • tamper-evident packaging
  • Biba model

Availability:

is:

  • keep data and services online
  • restore data after failure
  • restore services quickly after failure (incl. DR)
  • scale to peak capacity (DoS)

enforced via:

  • testing
  • redundancy
  • anti-malware
  • backups
  • Disaster Recovery plan (get data back)
  • Business Continuity (get business back)
