The CIA Triad - CompTIA Security+ SY0-701 - 1.2
Understanding the CIA Triad in IT Security
Overview of the CIA Triad
- The CIA Triad represents fundamental principles of IT security, often referred to as AIC Triad to avoid confusion with the Central Intelligence Agency. However, it is commonly known as the CIA Triad.
Components of the CIA Triad
- Confidentiality: Ensures that private information is accessible only to authorized individuals. This can be achieved through methods like encryption and access controls.
- Integrity: Guarantees that data sent from one party to another remains unchanged during transmission. Techniques such as hashing and digital signatures are used to verify integrity.
- Availability: Focuses on ensuring systems are operational and accessible when needed. Fault tolerance is a key strategy for maintaining availability.
Confidentiality Explained
- Confidentiality can be maintained through encryption, where data is transformed into a secure format that unauthorized users cannot read.
- Access controls limit who can view or modify certain types of information, ensuring sensitive data remains protected from unauthorized access.
- Additional authentication factors enhance confidentiality by requiring multiple credentials for system access.
Integrity Mechanisms
- Hashing provides a way to confirm that received data matches what was sent by comparing hashes generated at both ends.
- Digital signatures add an extra layer of integrity by encrypting hashes with asymmetric algorithms, confirming both data authenticity and sender identity.
Importance of Availability