Almost every company, large or small, has sensitive information that must be kept confidential. This may be as simple as customer, employee, and vendor data, or it could be more complex intellectual property like source code or sales and marketing strategy.
Regardless of the type of information we are safeguarding, cyber security professionals are guided by three principles, or what I like to call the three promises we make to the businesses for which we work. These principles, or promises, are known as the CIA Triad, which stands for Confidentiality, Integrity, and Availability.
Confidentiality is undoubtedly the simplest concept. Almost every company, as previously indicated, has something it needs to keep confidential. Cyber security experts are actively involved in helping their firms secure such data, and they have a variety of tools at their disposal to do so, including encryption, firewalls, intrusion detection, penetration testing, and security awareness training and policies.
The second promise is Integrity, which means ensuring that information is not altered in an unapproved manner. To ensure that the Integrity promise is honoured, access controls, logging, monitoring, and auditing are all employed. As with Confidentiality, cyber security professionals cannot simply lock information away to prevent a breach of Integrity. Information inside an organisation does and must change (for example, accounting balances must be updated and new leads must be entered into sales databases), but only in allowed and auditable ways.
The last promise, Availability, is sometimes ignored, and I constantly remind my students to cover the “A.” Availability means ensuring that the organisation can access and use its data, even if something goes wrong (which it will). Organisations that lose access to their information, whether due to a malicious hacker or, more often, a natural disaster, have a far higher probability of failing if the Availability promise has not been taken into consideration. Cyber security experts must guard against not just digital attacks, but also anything that might impair access to critical company data.