Is it CIA or AIC? #security

Hey guys…

Are you familiar with the CIA? Let me clear up this abbreviation.

It does not stand for ‘Central Intelligence Agency’. It stands for “Confidentiality, Integrity, and Availability”.

To eliminate this confusion, it is often referred to as “AIC” i.e. Availability, Integrity, and Confidentiality. These are the 3 pillars of security.

The AIC triad is a model designed to help companies form security policies. All 3 elements of this triad are crucial for security purposes.

Let us go deeper into these elements:

Availability - It refers to information being accessible to an authorized person in a specific location and in the correct format. High-availability systems are designed mainly to improve availability. What is included in this element?

  • Maintenance of hardware and repairs
  • Proper operating system
  • Up-to-date software
  • Preventing bottlenecks
  • Fast and adaptive disaster recovery plan

Integrity - It is an assurance that the information is relevant, trustworthy, and protected from unauthorized use. This requires file permissions and user access control. Version control is used to prevent accidental changes such as deletion. To verify integrity, data might include checksums and cryptographic checksums. If data is accidentally deleted, a backup or redundancy must be available as an alternative to restore the data.
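To make the checksum and backup ideas concrete, here is an added example (not part of the original post). It records a SHA-256 cryptographic checksum for every file, detects an altered file and a deleted file, and restores both from a backup copy. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Cryptographic checksum of one file (read whole; stream large files)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict:
    """Record a baseline: relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> dict:
    """Compare the current tree with the baseline manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def restore(root: Path, backup: Path, names) -> None:
    """Copy the named files back from the backup copy."""
    for name in names:
        (root / name).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / name, root / name)


def demo() -> tuple:
    """Constructed sample data: two small files, one altered and one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        data.mkdir()
        (data / "policy.txt").write_text("retain logs for 90 days\n")
        (data / "users.csv").write_text("alice,admin\nbob,reader\n")
        manifest = build_manifest(data)          # baseline checksums
        shutil.copytree(data, backup)            # backup taken at the same time
        (data / "users.csv").write_text("alice,admin\nbob,admin\n")  # altered
        (data / "policy.txt").unlink()                                # deleted
        before = verify(data, manifest)
        restore(data, backup, before["modified"] + before["missing"])
        return before, verify(data, manifest)    # second check should be clean
```

The manifest is only useful if it is stored where someone who can change the data cannot also change the manifest.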

Confidentiality - It can be defined as a set of rules or methods for protecting personal information. It lives up to its name: it keeps the client’s information confidential, without disclosing it even to colleagues. Access to the data is restricted to authorized users. Safeguarding data confidentiality may also require special training. This training covers the security risks that can threaten the information, so it helps familiarize authorized users with the risk factors involved and the ways to protect against them.

In addition to this, for security purposes, strong passwords and various social engineering methods are also part of the training.

Data encryption is the most common method of protecting confidentiality. To cite some examples: user ID and password, 2FA, biometric verification, security tokens, soft tokens, etc.

Furthermore, to protect sensitive information, one may store it on air-gapped computers, as hard copies, or on disconnected storage devices.
