Q. What is CIA?
Confidentiality:
is:
- who can access
- how data is classified
enforced via:
- file permissions
- encryption (how data is transferred & stored)
- secrecy (what you know)
- isolation (from network or in vault)
- Bell-LaPadula model
Integrity (of data):
is:
- who can change data
- verify data has not changed
- know data has been changed
enforced via:
- permissions
- hashing (traceability)
- digital signatures
- wax seals
- tamper-evident packaging
- Biba model
Availability:
is:
- keep data and services online
- restore data after failure
- restore services quickly after failure (incl. DR)
- scale to peak capacity (DoS)
enforced via:
- testing
- redundancy
- anti-malware
- backups
- Disaster Recovery plan (get data back)
- Business Continuity (get business back)