Security Concepts: The CIA Triangle
Another important general concept. The CIA Triangle sets out the requirements for computer systems, and for the storage and transfer of data.
The CIA Triangle
The CIA triangle (or CIA Triad) is another information security model. The term has been around since the late 1990s. It aims to help organisations shape policies towards keeping data secure. As developers, thinking about how each of these elements can affect the data we store can help when designing software and systems.
Not that CIA.
Despite its name, it has nothing to do with the US Central Intelligence Agency. Although you would hope that they follow the CIA triangle.
The CIA triangle has the following elements:
Confidentiality
Only authorised users and processes should be able to access or modify data.
This is one of the easier ones to conceptualise. We need to ensure the privacy of the information we store or transmit within our networks. This means that we need to take measures to protect any sensitive data from unauthorised access, while still making it available to those who are authorised. A loss of confidentiality happens when data is available to someone who shouldn't be able to see it.
The most well known loss of confidentiality is the data breach (for example the Adobe or Marriott breaches[1]), where information stored by an organisation is made publicly available, either through hacking or negligence.
Aside from breaches, we also need to make sure that only those who should have access to the data can read it. This means having different access levels for data, so that not all employees can access all of it. For example, as a lecturer I should be able to see your grades for modules that I teach on, but is it relevant for me to see your progress in other modules?
It's not just electronic.
While we think of data breaches as being electronic, there are still a surprising number of physical breaches. For example, portable devices containing confidential data can be lost or stolen[2], or physical records can be improperly disposed of[3].
As developers, it is difficult for us to do anything about the stupidity of others, but using tools like encryption can help mitigate the damage.
There are a number of approaches we need to consider around confidentiality. We will cover these in more detail later:
Access Control: Authentication
Authentication is the process that allows a system to determine that a user is who they say they are. This includes mechanisms such as passwords, security tokens, etc.
Access control: Authorisation
Authorisation determines what authenticated users can access. For example, can a user only access their own "private" messages, and is sensitive data restricted to those who need it?
Cryptography
One useful tool here is cryptography. Encrypting sensitive data makes it difficult for an attacker to recover the plaintext if the data is intercepted. While cryptography is not a cure for the problem, it can help reduce the impact if (and when) the confidentiality of data is broken.
Integrity
Data should be maintained in the correct state, and nobody should be able to improperly modify it, either maliciously or accidentally.
Data integrity comes in several forms.
The first is ensuring that our programs correctly process the data provided. We can do this through the standard design process and unit-testing approaches. However, remember that unit testing is based around assumptions of how a system, or a user, will behave, so it will not catch all of those logical errors.[^civGandhi]
The second is ensuring that we can trust the data that is stored. Our first step here is ensuring that the data can only be modified by those who have permission.
Finally, we need to consider the internal consistency of the data. Can we be sure that it is not corrupted or interfered with during transmission?
Note
Again, as devs there will be elements of trust that are outside of our control.
For example, while we can make sure our program correctly processes any data, ensuring that the data entered is correct is a much harder task.
However, we can still do a lot of work towards making sure that any data entered into the system is not tampered with as it is transmitted between locations, and ensuring that users are authenticated.
Like confidentiality, our first stage of maintaining the integrity of data is access control. Allowing unauthenticated users to modify the data (or authenticated users to modify data that doesn't "belong" to them) can compromise the integrity of your records.
For example, while you should be able to see your grades for a module, you should not be able to modify them. Having appropriate access levels is vital.
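The grades example above (and the earlier point about lecturers only seeing their own modules) as an added, runnable illustration; this is example code written for these notes, not part of the original, and the policy it encodes (students read only their own grades and never modify them; lecturers read and modify only the modules they teach; everything else is denied) is an assumption for the sake of the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str                          # "student" or "lecturer"
    teaches: frozenset = frozenset()   # module codes a lecturer teaches


@dataclass
class GradeRecord:
    student_id: str
    module: str
    grade: int


def is_authorised(user: User, action: str, record: GradeRecord) -> bool:
    """Assumed policy for this example:
    - a student may read only their own grades and may never modify them;
    - a lecturer may read and modify grades only for modules they teach;
    - anything not explicitly allowed is denied (default deny)."""
    if user.role == "student":
        return action == "read" and record.student_id == user.user_id
    if user.role == "lecturer":
        return action in ("read", "modify") and record.module in user.teaches
    return False


def update_grade(user: User, record: GradeRecord, new_grade: int) -> bool:
    """Enforcement point: the change is applied only if the policy allows it."""
    if not is_authorised(user, "modify", record):
        return False
    record.grade = new_grade
    return True


def demo() -> dict:
    # Constructed users and record for illustration only (not real data).
    alice = User("s100", "student")
    bob = User("s200", "student")
    dr_khan = User("l1", "lecturer", frozenset({"CS101"}))
    dr_lee = User("l2", "lecturer", frozenset({"MA205"}))
    record = GradeRecord("s100", "CS101", 62)
    return {
        "student_reads_own": is_authorised(alice, "read", record),
        "student_reads_other": is_authorised(bob, "read", record),
        "lecturer_reads_own_module": is_authorised(dr_khan, "read", record),
        "lecturer_reads_other_module": is_authorised(dr_lee, "read", record),
        "student_edit_applied": update_grade(alice, record, 99),   # denied, grade stays 62
        "lecturer_edit_applied": update_grade(dr_khan, record, 65),  # allowed
    }
```

Note that the same `is_authorised` check answers both the confidentiality question (who may read) and the integrity question (who may modify).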
When it comes to internal integrity, we can make use of cryptographic functions. Hashes and checksums provide us with a way to check that the data has not been modified between transmission and receipt.
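An added example (not from the original notes) of the transmission-integrity check just described: an unkeyed SHA-256 checksum detects a byte corrupted in transit, but if someone who can edit the data can also replace the checksum, only a keyed HMAC with a key shared between sender and receiver still detects the change. The message and the pre-shared key are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample message, as a sender might transmit it to a receiver.
MESSAGE = b"student=s100;module=CS101;grade=62"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption in transit."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256: only a holder of the key can produce a valid tag,
    so a tamperer cannot simply recompute it after editing the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no timing information.
    return hmac.compare_digest(tag(data, key), expected)


def demo() -> dict:
    key = os.urandom(32)  # assumed to have been shared with the receiver in advance
    sent_checksum = checksum(MESSAGE)
    sent_tag = tag(MESSAGE, key)

    # Case 1: a single bit flipped in transit (accidental corruption).
    corrupted = bytearray(MESSAGE)
    corrupted[-1] ^= 0x01
    corrupted = bytes(corrupted)

    # Case 2: a deliberate edit where the unkeyed checksum is recomputed to match.
    forged = MESSAGE.replace(b"grade=62", b"grade=92")
    forged_checksum = checksum(forged)

    return {
        "intact_checksum_ok": verify_checksum(MESSAGE, sent_checksum),
        "intact_tag_ok": verify_tag(MESSAGE, key, sent_tag),
        "corrupted_checksum_ok": verify_checksum(corrupted, sent_checksum),  # False
        "corrupted_tag_ok": verify_tag(corrupted, key, sent_tag),            # False
        "forged_checksum_ok": verify_checksum(forged, forged_checksum),      # True: hash alone is fooled
        "forged_tag_ok": verify_tag(forged, key, sent_tag),                  # False: no key, no valid tag
    }
```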
Availability
Data should be available to authorised users when they need it.
The final part of the CIA triangle is the availability of data. A lot of this is a technical aspect. Do we have enough processing power, or the correct infrastructure, to ensure that there are no bottlenecks when a user needs to access data? What about redundancy: if part of the system fails, are there backup systems in place to allow users to continue working?
However, there are also policy decisions to be made here. How do we back up the data we store (and ensure the integrity of the backup)? What security decisions do we need to make about these backups?
Implementing the CIA Triangle
From the examples given above it is clear that there are two major themes when it comes to the CIA triangle.
- Access Control: Making sure users are who they claim to be, and that they have the right to modify the data.
- Cryptography: Encrypting or encoding the data in such a way that only those with permission to read it can.
We will look at each of these elements in detail later in the course.
Summary
In this article we looked at the CIA triangle, and how it can guide the decision making process when designing systems.
While the elements of the CIA triangle give us a way of conceptualising information security, they are not fully independent. Each of the elements may overlap, and there may be a need to strike a balance between different elements of the triangle.
The CIA Triangle #CIA
Like the three pillars, the CIA triangle gives us a useful way of contextualising cyber security.
However, sometimes the elements of the triangle may be in conflict. For example, encryption may be great for confidentiality, but depending on the algorithm used, it could affect the availability of the data.
For our final asynchronous task for the week, use the feed on Aula and the tag #CIA to discuss this conflict:
- Can you think of any other areas where there is overlap?
- Can you give an example of where the elements of the triangle overlap?
Further Reading
The [Parkerian Hexad](http://cs.lewisu.edu/mathcs/msisprojects/papers/georgiependerbey.pdf) is closely related to the CIA triangle, but with some of the elements broken down into further detail.