Definitions/Confidentiality-integrity-availability

From aldeid

CIA (Confidentiality, integrity and availability) triad

Security is commonly described as a balance between confidentiality, integrity and availability, as shown in the following graph:

  • Confidentiality: concerns the secrecy and confidentiality of data. Each company must assess the degree of confidentiality it needs in order to adapt its level of security. For example, it is not mandatory to use a secure connection such as SSH to connect two computers on an ad hoc network. Conversely, it would be inappropriate to administer a firewall remotely (via the Internet) over the telnet protocol.
  • Integrity: concerns the confidence we can have in data. For example, if you never check the integrity of your backup files, you could get a very bad surprise on the day you need those backups and find that they are missing some data.
  • Availability: availability is commonly measured for a server that is connected to the Internet (e.g. web hosting). This indicator measures the quality of the service.