
The CIA Triad

Understand the CIA Triad and how it shapes cyber security mindset.

medium

60 min


Task 1: Introduction

Now that we have gained the mandatory knowledge of the digital world, including the fundamentals of computers, operating systems, software, networks, and the web in the previous rooms, let's start our journey into cyber security and learn how to protect this digital world.

We often hear that cyber security protects the systems, networks, and applications from attacks. But have you ever wondered what cyber security protects inside the digital world? Cyber security focuses on protecting three key aspects, which we will learn in this room. At the end of the room, we will also get a hands-on exercise to validate our knowledge.

Image of the CIA Triad.

Learning Objectives

By the end of this room, we will be able to:

  • Understand the pillars of cyber security
  • Understand the purpose of Confidentiality, Integrity, and Availability
  • Recognize Confidentiality, Integrity, and Availability in simple scenarios
  • Make decisions to preserve these core aspects of cyber security

Prerequisites

Before beginning this room, it is recommended to complete all previous modules in this path.

Answer the questions below

I am ready to start!

In the past, most information was stored on paper. Today, the same information is stored as digital data on systems and communicated over networks. Without proper security in place, this digital data can suffer serious consequences. It can be exposed to the wrong people, modified without permission, or unavailable when needed most. So, protecting this digital data has become a core requirement for governments, organizations, and individuals.

Image of data transferred from one place to another and modified during the transfer.

However, security does not simply mean stopping attacks or having security tools in place. In cyber security, being secure means ensuring specific conditions for the digital data. These conditions are the key aspects around which the security revolves.

  • Confidentiality
  • Integrity
  • Availability

Together, these three principles explain what cyber security actually protects. These principles are known as the CIA Triad. Pretty much everything you encounter during your journey through cyber security will revolve around them. You will either defend or attack the digital data to ensure these pillars remain intact.

Image of the CIA Triad with a system between it.

Let's discuss each of these in detail, using real-world analogies.

Confidentiality

Confidentiality ensures that sensitive data can only be accessed by authorized individuals. If confidentiality is not maintained, unauthorized individuals can access the data, resulting in financial loss, privacy violations, or legal consequences. 

Imagine you are having a private discussion with a friend about a personal matter, and an unknown person deliberately listens in and later uses that information to manipulate you. In this situation, the information you wanted to keep private was accessed by somebody who had no right to hear it. This directly harms confidentiality. In such cases, to ensure confidentiality in the future, you may decide to have such conversations in a secure area and be aware of your surroundings.

Now, let's take an example of the digital world. Imagine you are in a coffee shop and you log in to your social media account using the shop's publicly available network. After a few minutes, you are suddenly logged out, and you can no longer access your account because somebody intercepted your credentials from within the network while you were logging in. This is another example of confidentiality being harmed. To ensure confidentiality in the digital world, processes such as encryption and access controls are employed. These terms might be unfamiliar to you now, which is completely fine since you will be learning all this stuff in your cyber security journey.

The table below lists some examples of situations and whether confidentiality is achieved:

Situation | Confidentiality Achieved?
Your Gmail credentials are written on sticky notes on your office table | No
Internal documents of the company are available to the employees who need them for their work | Yes
One of your personal documents is available on the internet | No

Integrity

Integrity ensures that unauthorized individuals do not modify data. Without integrity, data can be altered and no longer be trusted. Unauthorized changes in data can sometimes lead to dangerous consequences.

Imagine your teacher gives you a good grade on your exam, and later somebody modifies that grade before it is submitted to the examination authority. This breaches the integrity of your exam grading. To ensure integrity in the future, your teacher might start noting the grades on a separate sheet and verifying them before final submission to the examination authority.

Now, let's consider a digital world example. Suppose you initiate a bank transfer to an account using your mobile device. Before the transaction completes, someone intercepts it and modifies the receiving account information. This results in the amount being transferred to an account it was never meant for. This also breaches integrity. Several techniques are used to ensure integrity in the digital world, which you will learn during your cyber security journey.
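The bank transfer scenario above, as an added example that is not part of the original room: one common integrity technique is a keyed message authentication code (HMAC), which lets the receiver detect any change made in transit. The shared key, account numbers, and field names below are constructed for illustration, and the example assumes the sender and the bank already share the key.

```python
import hashlib
import hmac
import json

# Constructed demo key: assumed to be shared by the mobile app and the bank in advance.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def canonical(transfer: dict) -> bytes:
    """Serialize with sorted keys so both sides compute the tag over identical bytes."""
    return json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()


def sign_transfer(transfer: dict, key: bytes = SHARED_KEY) -> str:
    """Sender side: compute an HMAC-SHA256 tag over the whole request."""
    return hmac.new(key, canonical(transfer), hashlib.sha256).hexdigest()


def verify_transfer(transfer: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    return hmac.compare_digest(sign_transfer(transfer, key), tag)


def demo() -> dict:
    # Constructed sample request, not real account data.
    original = {"from": "ACC-1001", "to": "ACC-2002", "amount": "250.00", "ref": "TX-0001"}
    tag = sign_transfer(original)

    # The message is altered in transit: the receiving account is swapped.
    tampered = dict(original, to="ACC-9999")

    return {
        "untouched_accepted": verify_transfer(original, tag),
        "tampered_accepted": verify_transfer(tampered, tag),
        # Without the shared key, a valid tag cannot be recomputed for any message.
        "wrong_key_accepted": verify_transfer(original, tag, key=b"some-other-key"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The tag covers every field, so changing the amount or the sender is rejected in the same way as changing the receiving account.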

The table below lists some examples of situations and whether integrity is achieved:

Situation | Integrity Achieved?
Data changed through authorised approval | Yes
The attendance records of students changed after being locked by the teacher | No
Order price modified before checkout | No

Availability

Availability ensures that data and services are available to authorized users when needed. Although it comes as the third and last pillar of the CIA Triad, it is no less important than the other two. Most businesses rely heavily on their digital services, and if those services become unavailable, business stops, causing them a huge loss. Even a short period of downtime can have serious consequences for businesses and users.

Imagine you deposit your money in a bank that keeps it very secure, but the bank is closed the day you need your money because of a power failure. Now, even though your money is in a secure place, if you, as the owner, cannot access it, it is useless. This is where availability matters. So, to ensure availability in such a case, your bank would likely deploy an alternative power generator to keep services running even if the main power fails.

In the digital world, many cyber attacks affect availability. For example, attackers send a large number of requests to a website that cannot handle them at once, causing it to go down and the business to suffer. No data is leaked or modified, but still the compromise of availability causes a huge loss. In such cases, websites implement measures to manage the traffic load and block requests when a certain threshold is exceeded, ensuring the website's availability.
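The threshold-based blocking described above, as an added example that is not part of the original room: a sliding-window rate limiter that rejects a client's requests once it exceeds a set number within a time window. The limit of 5 requests per second, the class and function names, and the sample traffic (documentation-range IP addresses) are all constructed for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self._seen = defaultdict(deque)  # client id -> timestamps of accepted requests

    def allow(self, client: str, now: float) -> bool:
        stamps = self._seen[client]
        # Drop timestamps that have aged out of the window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.limit:
            return False  # threshold exceeded: reject (a web server would answer HTTP 429)
        stamps.append(now)
        return True


def replay(events, limit=5, window=1.0):
    """Run (timestamp, client) events through the limiter and count outcomes per client."""
    limiter = SlidingWindowLimiter(limit, window)
    counts = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for now, client in events:
        outcome = "allowed" if limiter.allow(client, now) else "blocked"
        counts[client][outcome] += 1
    return {client: dict(c) for client, c in counts.items()}


# Constructed traffic: one client sends 50 requests within a single second,
# while another sends one request every half second.
FLOOD = [(i * 0.02, "203.0.113.7") for i in range(50)]
NORMAL = [(i * 0.5, "198.51.100.4") for i in range(4)]
SAMPLE_EVENTS = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    for client, c in replay(SAMPLE_EVENTS).items():
        print(client, c)
```

The flooding client is cut off after its first five requests while the normal client is never blocked. A per-client threshold like this does not help when the load is spread across many sources, which is why it is usually combined with the traffic-management measures the paragraph mentions.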

The table below lists some examples of situations and whether availability is achieved:

Situation | Availability Achieved?
Critical services disrupted by the installation of software | No
Company's website went offline during business hours | No
All the systems are accessible to employees during working hours | Yes

In the next task, we will learn how cyber security professionals use the CIA Triad. We will also solve a fun exercise to test our understanding of the CIA Triad.

Answer the questions below

Which pillar of the CIA focuses on preventing unauthorized modification of data?

Which pillar of the CIA focuses on preventing unauthorized access to data?

Which CIA pillar ensures data is available to users when needed?

Which CIA pillar gets impacted if the data becomes untrustworthy?

What is the term used collectively for all these pillars?

By now, you have learned about the CIA Triad (Confidentiality, Integrity, and Availability) and how each of its pillars plays its role in protecting digital information. However, CIA is not just a set of definitions; it's a security mindset of cyber security professionals. When a security incident occurs, it is often explained in terms of what was affected. Security professionals generally start by asking questions like:

  • Was sensitive data exposed to unauthorized individuals?
  • Was data modified without permission?
  • Were systems or services unavailable to users when they needed them?

Having a clear understanding of each component of the CIA Triad enables one to assess the impact of any incident and decide on an appropriate response.

Hands-on Scenario

You are attending a cyber security workshop. As part of engagement exercises, they have given you an exercise to assess your foundational cyber security concepts. One part of the exercise is related to the CIA Triad, which you learned. 

In this exercise, you are given nine different security incidents. Read them carefully, one by one, and determine which part of the CIA Triad each one affects. Drag and drop each incident into the area it affects the most.

Answer the questions below

What is the flag received after solving the exercise?

CIA Triad is not just a set of definitions; it's a mindset. What type of mindset is it?

Well done! 

This room marks your first step into cyber security. You have learned a very important thing: What exactly do we protect in cyber security?

By understanding the CIA Triad, you have gained the knowledge of a core cyber security mindset, which is the foundation of many cyber security concepts you will encounter as you continue your journey in this field. 

Key Terminology

Let’s recap the core terms you’ve learned. These definitions will help solidify your understanding before moving on to further learning.

  • Confidentiality
    Ensuring digital information is not available to unauthorized individuals.
  • Integrity
    Ensuring digital information is not modified without permission.
  • Availability
    Ensuring digital information is available when needed.

Further Learning

In the following rooms of this module, you will learn some other interesting areas of cyber security with some fun exercises. 

Answer the questions below

Complete this room.
