Monday, July 10, 2017

What is CIA?

The Three Pillars – CIA

Anything in information security ultimately boils down to ensuring one or more of three pillars. These three pillars are – Confidentiality, Integrity, and Availability.



It is thus extremely important that you understand the meaning of these terms. From an exam perspective, many questions will focus on identifying the following:
  1. Which of the three pillars is violated?
  2. Which of the three pillars is ensured if a certain action is taken?
  3. What will a certain control ensure, provide or protect?

Even from an organizational perspective, all the policies, procedures, standards and guidelines are made to ensure that the three pillars of information security are catered for.
So, let’s understand these concepts now.
Before I begin, let’s be very clear that I’m not going to write down the definitions provided by any agency or organization. You can get them in any book, and they are mostly as clear as mud. It is important to study these definitions too; however, from an exam perspective, simple is best.

The focus here is only to explain the concepts to you in the simplest manner.

Confidentiality – “Unauthorized disclosure should not happen” – These five words are more than sufficient for you to answer any question.

Integrity – “Unauthorized modification should not happen”

Availability – “Information be available at the right time to the right people”

Now let’s apply the above definitions to a variety of scenarios. You’ll notice that these definitions work in every scenario.

Scenario: You have an account with ABC bank; you deposit a sum of 1000Rs into the bank. The bank clerk accesses your account and deposits the money. You have been issued a debit card having a PIN (personal identification number) which is to be kept secret. You now go shopping and try to use a debit card for spending 500Rs from your account. 

Try to answer the following questions now, based on the definitions explained above:

Q1. The clerk tries to access your account and withdraws a sum of 200Rs from your account without your permission. Which of three pillars is violated?

Answer – Since unauthorized access has happened, confidentiality is violated.

Q2. When you access your account, you are not able to log in and check your balance. Which of the three pillars is affected in this case?

Answer – Since you are not able to access your account at the time you want, Availability is affected here.

Q3. When you are finally able to log in, you notice that instead of 1000Rs as deposited, you only have 800Rs in your account. Which pillar has fallen?

Answer – The integrity of the account is questioned here as unauthorized modification has happened.

If you have understood the concepts above, now try to answer the following questions and mention your answers in the comments section below. Answers to these questions will follow in the next blog post.

Which of the three pillars will be affected in these scenarios?
Q1. The shopkeeper notices the PIN which you enter.
Q2. The server is not responding and you are not able to do the transaction.
Q3. The transaction stops mid-way and your account is debited, however, the merchant does not get the money.
Q4. You get a message from the bank citing that someone has hacked into your account.
Q5. You click on the link provided in the message and find that the bank’s site is not accessible.
Q6. You call up the bank and the bank resets your account password without your permission.




1 comment:

Vishal Gupta said...

1. Confidentiality
2. Availability
3. Availability
4. Confidentiality
5. Availability
6. Integrity