CIA Triad


Security controls are typically evaluated on how well they address these core information security tenets. Overall, a complete security solution should adequately address each of these tenets. Vulnerabilities and risks are also evaluated based on the threat they pose against one or more of the CIA Triad principles. Thus, it is a good idea to be familiar with these security principles and use them as security guidelines for judging all things related to security.” (Fair Use B01G2RY8H0)

These three principles are considered the most important within the realm of security. However important each specific principle is to a specific organization depends on the organization’s security goals and requirements and on the extent to which the organization’s security might be threatened.

Confidentiality

The first principle of the CIA Triad is confidentiality. If a security mechanism offers confidentiality, it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects. If a threat exists against confidentiality, unauthorized disclosure could take place.

In general, for confidentiality to be maintained on a network, data must be protected from unauthorized access, use, or disclosure while in storage, in process, and in transit. Unique and specific security controls are required for each of these states of data, resources, and objects to maintain confidentiality.

Numerous attacks focus on the violation of confidentiality. These include capturing network traffic and stealing password files as well as social engineering, port scanning, shoulder surfing, eavesdropping, sniffing, and so on.

Violations of confidentiality are not limited to directed intentional attacks. Many instances of unauthorized disclosure of sensitive or confidential information are the result of human error, oversight, or ineptitude. Events that lead to confidentiality breaches include failing to properly encrypt a transmission, failing to fully authenticate a remote system before transferring data, leaving open otherwise secured access points, accessing malicious code that opens a back door, misrouted faxes, documents left on printers, or even walking away from an access terminal while data is displayed on the monitor. Confidentiality violations can result from the actions of an end user or a system administrator. They can also occur because of an oversight in a security policy or a misconfigured security control.

Numerous countermeasures can help ensure confidentiality against possible threats. These include encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, and extensive personnel training.

Confidentiality and integrity depend on each other. Without object integrity, confidentiality cannot be maintained. Other concepts, conditions, and aspects of confidentiality include the following:


Sensitivity Sensitivity refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.

Discretion Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.

Criticality The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information. High levels of criticality are essential to the operation or function of an organization.

Concealment Concealment is the act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction.

Secrecy Secrecy is the act of keeping something a secret or preventing the disclosure of information.

Privacy Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

Seclusion Seclusion involves storing something in an out-of-the-way location. This location can also provide strict access controls. Seclusion can help enforce confidentiality protections.

Isolation Isolation is the act of keeping something separated from others. Isolation can be used to prevent commingling of information or disclosure of information.

Each organization needs to evaluate the nuances of confidentiality they wish to enforce. Tools and technology that implement one form of confidentiality might not support or allow other forms.

Integrity

The second principle of the CIA Triad is integrity. For integrity to be maintained, objects must retain their veracity and be intentionally modified by only authorized subjects. If a security mechanism offers integrity, it offers a high level of assurance that the data, objects, and resources are unaltered from their original protected state. Alterations should not occur while the object is in storage, in transit, or in process. Thus, maintaining integrity means the object itself is not altered and the operating system and programming entities that manage and manipulate the object are not compromised.

Integrity can be examined from three perspectives:

Preventing unauthorized subjects from making modifications

Preventing authorized subjects from making unauthorized modifications, such as mistakes

Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world and any relationship with any child, peer, or parent object is valid, consistent, and verifiable


For integrity to be maintained on a system, controls must be in place to restrict access to data, objects, and resources. Additionally, activity logging should be employed to ensure that only authorized users are able to access their respective resources. Maintaining and validating object integrity across storage, transport, and processing requires numerous variations of controls and oversight.

Numerous attacks focus on the violation of integrity. These include viruses, logic bombs, unauthorized access, errors in coding and applications, malicious modification, intentional replacement, and system back doors.

As with confidentiality, integrity violations are not limited to intentional attacks. Human error, oversight, or ineptitude accounts for many instances of unauthorized alteration of sensitive information. Events that lead to integrity breaches include accidentally deleting files; entering invalid data; altering configurations, including errors in commands, codes, and scripts; introducing a virus; and executing malicious code such as a Trojan horse. Integrity violations can occur because of the actions of any user, including administrators. They can also occur because of an oversight in a security policy or a misconfigured security control.

Numerous countermeasures can ensure integrity against possible threats. These include strict access control, rigorous authentication procedures, intrusion detection systems, object/data encryption, hash total verifications (see Chapter 6, “Cryptography and Symmetric Key Algorithms”), interface restrictions, input/function checks, and extensive personnel training.

Integrity is dependent on confidentiality. Without confidentiality, integrity cannot be maintained. Other concepts, conditions, and aspects of integrity include accuracy, truthfulness, authenticity, validity, nonrepudiation, accountability, responsibility, completeness, and comprehensiveness.
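The hash total verification listed above as an integrity countermeasure, together with the statement that integrity depends on confidentiality, as an added Python example that is not part of the quoted text: it compares a plain hash total with a keyed one (HMAC) over a constructed configuration record, where the record contents and the key value are invented for illustration.

```python
import hashlib
import hmac

# Constructed sample object: a configuration record whose integrity matters.
ORIGINAL = b"allow_remote_admin=false\nmax_sessions=10\n"
TAMPERED = b"allow_remote_admin=true\nmax_sessions=10\n"

# Constructed secret. In a real deployment it lives in a key store, never
# beside the object it protects; that separation is the confidentiality
# the integrity check depends on.
INTEGRITY_KEY = b"example-key-not-for-real-use"

def unkeyed_total(data: bytes) -> str:
    """Plain SHA-256 hash total: anyone can recompute it for any data."""
    return hashlib.sha256(data).hexdigest()

def keyed_total(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 hash total: recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_unkeyed(data: bytes, stored_total: str) -> bool:
    """Constant-time comparison of the stored and recomputed plain hash."""
    return hmac.compare_digest(unkeyed_total(data), stored_total)

def verify_keyed(data: bytes, stored_total: str, key: bytes) -> bool:
    """Constant-time comparison of the stored and recomputed HMAC."""
    return hmac.compare_digest(keyed_total(data, key), stored_total)

def tamper_and_verify(key_leaked: bool) -> tuple:
    """Model an unauthorized subject who replaces ORIGINAL with TAMPERED and
    tries to refresh both stored totals. Returns (unkeyed_passes, keyed_passes)
    as the verifier would later see them."""
    # The plain total needs no secret, so the attacker simply recomputes it.
    stored_unkeyed = unkeyed_total(TAMPERED)
    # The HMAC can only be refreshed if the key's confidentiality was lost;
    # otherwise the stale tag computed over ORIGINAL is all that is on disk.
    if key_leaked:
        stored_keyed = keyed_total(TAMPERED, INTEGRITY_KEY)
    else:
        stored_keyed = keyed_total(ORIGINAL, INTEGRITY_KEY)
    return (verify_unkeyed(TAMPERED, stored_unkeyed),
            verify_keyed(TAMPERED, stored_keyed, INTEGRITY_KEY))

if __name__ == "__main__":
    print("key kept secret:", tamper_and_verify(False))  # (True, False)
    print("key leaked:     ", tamper_and_verify(True))   # (True, True)
```

The plain hash total passes in both runs because it protects nothing once the attacker can write to the same store; the keyed total only fails once the key has been disclosed, which is the dependency of integrity on confidentiality that the text describes.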

Availability

The third principle of the CIA Triad is availability, which means authorized subjects are granted timely and uninterrupted access to objects. If a security mechanism offers availability, it offers a high level of assurance that the data, objects, and resources are accessible to authorized subjects. Availability includes efficient uninterrupted access to objects and prevention of denial-of-service (DoS) attacks. Availability also implies that the supporting infrastructure—including network services, communications, and access control mechanisms—is functional and allows authorized users to gain authorized access.

For availability to be maintained on a system, controls must be in place to ensure authorized access and an acceptable level of performance, to quickly handle interruptions, to provide for redundancy, to maintain reliable backups, and to prevent data loss or destruction.

There are numerous threats to availability. These include device failure, software errors, and environmental issues (heat, static, flooding, power loss, and so on). There are also some forms of attacks that focus on the violation of availability, including DoS attacks, object destruction, and communication interruptions.

As with confidentiality and integrity, violations of availability are not limited to intentional attacks. Many instances of unauthorized alteration of sensitive information are caused by human error, oversight, or ineptitude. Some events that lead to availability breaches include accidentally deleting files, overutilizing a hardware or software component, underallocating resources, and mislabeling or incorrectly classifying objects. Availability violations can occur because of the actions of any user, including administrators. They can also occur because of an oversight in a security policy or a misconfigured security control.” (Fair Use B01G2RY8H0)

“Numerous countermeasures can ensure availability against possible threats. These include designing intermediary delivery systems properly, using access controls effectively, monitoring performance and network traffic, using firewalls and routers to prevent DoS attacks, implementing redundancy for critical systems, and maintaining and testing backup systems. Most security policies, as well as business continuity planning (BCP), focus on the use of fault tolerance features at the various levels of access/storage/security (that is, disk, server, or site) with the goal of eliminating single points of failure to maintain availability of critical systems.” (Fair Use B01G2RY8H0)

“Availability depends on both integrity and confidentiality. Without integrity and confidentiality, availability cannot be maintained. Other concepts, conditions, and aspects of availability include usability, accessibility, and timeliness.” (Fair Use B01G2RY8H0)

CIA Priority

Every organization has unique security requirements. On the CISSP exam, most security concepts are discussed in general terms, but in the real world, general concepts and best practices don’t get the job done. The management team and security team must work together to prioritize an organization’s security needs. This includes establishing a budget and spending plan, allocating expertise and hours, and focusing the IT and security staff efforts. One key aspect of this effort is to prioritize the security requirements of the organization. Knowing which tenet or asset is more important than another guides the creation of a security stance and ultimately the deployment of a security solution. Often, getting started in establishing priorities is a challenge. A possible solution to this challenge is to start with prioritizing the three primary security tenets of confidentiality, integrity, and availability. Defining which of these elements is most important to the organization is essential in crafting a sufficient security solution. This establishes a pattern that can be replicated from concept through design, architecture, deployment, and finally, maintenance.” (Fair Use B01G2RY8H0)

Do you know the priority your organization places on each of the components of the CIA Triad? If not, find out.

An interesting generalization of this concept of CIA prioritization is that in many cases military and government organizations tend to prioritize confidentiality above integrity and availability, whereas private companies tend to prioritize availability above confidentiality and integrity. Although such prioritization focuses efforts on one aspect of security over another, it does not imply that the second or third prioritized items are ignored or improperly addressed.” (Fair Use B01G2RY8H0)


cia_triad.txt · Last modified: 2021/02/15 13:03 by 127.0.0.1