Understanding CIA Triad In Cyber Security


Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. In this article, I will be talking about the CIA triad in cyber security.

CIA Triad

As shown in the figure, the CIA triad consists of three components of information security:

  • Confidentiality – Only authorized individuals, entities, or processes can access sensitive information.
  • Integrity – This refers to the protection of data from unauthorized alteration.
  • Availability – Authorized users must have uninterrupted access to the network resources and data that they require.

Network data can be encrypted (made unreadable to unauthorized users) using various cryptography applications. The conversation between two IP phone users can be encrypted. The files on a computer can also be encrypted. These are just a few examples. Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.

Zero Trust Security

Zero trust is a comprehensive approach to securing all access across networks, applications, and environments. This approach helps secure access from users, end-user devices, APIs, IoT, microservices, containers, and more. It protects an organization’s workforce, workloads, and workplace.

The principle of a zero-trust approach is, “never trust, always verify.” Assume zero trust any time someone or something requests access to assets. A zero-trust security framework helps to prevent unauthorized access, contain breaches, and reduce the risk of an attacker’s lateral movement through a network.

 

Traditionally, the network perimeter, or edge, was the boundary between inside and outside, or trusted and untrusted. In a zero trust approach, any place at which an access control decision is required should be considered a perimeter.

This means that although a user or other entity may have successfully passed access control previously, they are not trusted to access another area or resource until they are authenticated. In some cases, users may be required to authenticate multiple times and in different ways, to gain access to different layers of the network.
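The per-resource decision described above can be sketched as follows. This is an added example, not code from the original article; the resource names, authentication methods, and time limits are constructed assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical per-resource policy: which authentication methods are required
# and how old (in seconds) the last verification of each may be.
POLICY = {
    "wiki":       {"methods": {"password"},         "max_age": 8 * 3600},
    "payroll-db": {"methods": {"password", "totp"}, "max_age": 15 * 60},
}

@dataclass
class Session:
    user: str
    device_compliant: bool
    # method -> epoch seconds at which that method was last verified
    verified: dict = field(default_factory=dict)

def decide(session, resource, now):
    """Evaluate one request; no earlier 'allow' is carried over."""
    policy = POLICY.get(resource)
    if policy is None:
        return ("deny", "unknown resource")            # default deny
    if not session.device_compliant:
        return ("deny", "device not compliant")
    # A method counts only if it was verified recently enough for THIS resource.
    missing = sorted(
        m for m in policy["methods"]
        if now - session.verified.get(m, float("-inf")) > policy["max_age"]
    )
    if missing:
        return ("step-up", "re-authenticate with: " + ", ".join(missing))
    return ("allow", "all checks passed")
```

A session that is allowed to read the wiki is still asked for a second factor at the payroll database, and is asked again once its password verification is older than that resource permits.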


The three pillars of zero trust are workforce, workloads, and workplace.

#1 Zero Trust for the Workforce

This pillar consists of people (e.g., employees, contractors, partners, and vendors) who access work applications by using their personal or corporate-managed devices. This pillar ensures only the right users and secure devices can access applications, regardless of location.

#2 Zero Trust for Workloads

This pillar consists of people (e.g., employees, contractors, partners, and vendors) who access work applications by using their personal or corporate-managed devices. This pillar ensures only the right users and secure devices can access applications, regardless of location.

#3 Zero Trust for Workplace

This pillar focuses on secure access for any and all devices, including Internet of Things (IoT) devices, that connect to enterprise networks, such as user endpoints, physical and virtual servers, printers, cameras, HVAC systems, kiosks, infusion pumps, industrial control systems, and more.

Access Control Models

An organization must implement proper access controls to protect its network resources, information system resources, and information.
A security analyst should understand the different basic access control models to have a better understanding of how attackers can break the access controls.
The table lists various types of access control methods.
Access Control Models and Descriptions
Discretionary access control (DAC)
  • This is the least restrictive model and allows users to control access to their data as owners of that data.
  • DAC may use ACLs or other methods to specify which users or groups of users have access to the information.
Mandatory access control (MAC)
  • This applies the strictest access control and is typically used in military or mission critical applications.
  • It assigns security level labels to information and enables users with access based on their security level clearance.
Role-based access control (RBAC)
  • Access decisions are based on an individual’s roles and responsibilities within the organization.
  • Different roles are assigned security privileges, and individuals are assigned to the RBAC profile for the role.
  • Roles may include different positions, job classifications or groups of job classifications.
  • Also known as a type of non-discretionary access control.
Attribute-based access control (ABAC)
  • ABAC allows access based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and environmental factors regarding how the object is to be accessed, such as time of day.
Rule-based access control (RBAC)
  • Network security staff specify sets of rules or conditions that are associated with access to data or systems.
  • These rules may specify permitted or denied IP addresses, or certain protocols and other conditions.
  • Also known as Rule-Based RBAC.
Time-based access control (TAC)
  • TAC allows access to network resources based on time and day.
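To compare the models in the table, the following added example (not part of the original article) evaluates the same request under DAC, MAC, role-based access control, and ABAC. All users, roles, labels, and office hours are constructed assumptions, and MAC is simplified to a read check against the clearance level.

```python
from datetime import time

# Constructed sample data; every name below is hypothetical.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}
ROLE_PERMS = {"hr-clerk": {("payroll", "read")},
              "hr-manager": {("payroll", "read"), ("payroll", "write")}}

def dac(subject, obj, action):
    # DAC: the data owner maintains an ACL on the object.
    return action in obj["acl"].get(subject["name"], set())

def mac(subject, obj, action):
    # MAC: compare the subject's clearance with the object's security label.
    # Simplified to "read at or below clearance"; writes are not modelled.
    return action == "read" and LEVELS[subject["clearance"]] >= LEVELS[obj["label"]]

def rbac(subject, obj, action):
    # Role-based: privileges are attached to roles, never to individual users.
    return any((obj["type"], action) in ROLE_PERMS.get(r, set())
               for r in subject["roles"])

def abac(subject, obj, action, env):
    # ABAC: subject and object attributes plus an environmental one (time of day).
    return (subject["department"] == obj["department"]
            and time(8, 0) <= env["time"] <= time(18, 0))

def evaluate_models(subject, obj, action, env):
    """Return each model's verdict for one and the same request."""
    return {"DAC": dac(subject, obj, action),
            "MAC": mac(subject, obj, action),
            "RBAC": rbac(subject, obj, action),
            "ABAC": abac(subject, obj, action, env)}

ALICE = {"name": "alice", "clearance": "confidential",
         "roles": ["hr-clerk"], "department": "hr"}
# bob owns the file and has not put alice on its ACL.
PAYROLL = {"type": "payroll", "label": "confidential", "department": "hr",
           "acl": {"bob": {"read", "write"}}}
```

For a read at 09:30, alice is refused under DAC because the owner never listed her, while her clearance, role, and attributes all permit the request; a write at 22:00 is refused by every model.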
Another access control model is the principle of least privilege, which specifies a limited, as-needed approach to granting user and process access rights to specific information and tools. The principle of least privilege states that users should be granted the minimum amount of access required to perform their work function.
A common exploit is known as privilege escalation. In this exploit, vulnerabilities in servers or access control systems are exploited to grant an unauthorized user, or software process, higher levels of privilege than they should have. After the privilege is granted, the threat actor can access sensitive information or take control of a system.
Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills.