The phrase CIA triad refers to the mnemonic CIA: Confidentiality, Integrity and Availability, the three aims of information security.
- Confidentiality
- Restricting access to information to those who are privileged to see it. Network sniffing is an example of a violation of confidentiality.
- Integrity
- This is trust that can be placed in the information. Data integrity is having trust that the information has not been altered between its transmission and its reception. Source integrity is having trust that the sender of that information is who it is supposed to be. Data integrity can be compromised when information has been corrupted, willfully or accidentally, before it is read by its intended recipient. Source integrity is compromised when an agent "spoofs" its identity and supplies incorrect information to a recipient.
- Availability
- The majority of information security technologies and mechanisms are aimed at preserving Confidentiality and Integrity. Availability means that information or resources are available when required. Most often this means that the resources are available at a rate which is fast enough for the wider system to perform its task as intended. It is certainly possible that confidentiality and integrity are protected, but an attacker causes resources to become less available than required, or not available at all. See "Denial of Service".
Another component of information security that is often forgotten is:
- Accountability
- This is synonymous with non-repudiation. The non-repudiation of receipt of information means that an agent can't deny receiving information. This can prevent an online vendor from being obliged to ship replacement goods to a malicious customer who denies receiving the original items. The non-repudiation of sourcing information means that an agent can't deny sending information. This prevents an agent from anonymously sending spoofed emails with malicious intent, for example. Often there are wider laws and regulations governing the requirements for Accountability.
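The Integrity entry above separates data integrity from source integrity. The following added example (not part of the original page) shows how a recipient can check both: an unkeyed digest only catches accidental corruption, while a keyed MAC also catches willful alteration and a spoofed source. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SHARED_KEY = b"constructed-demo-key-known-to-sender-and-recipient"
ORIGINAL = b"ship 1 unit to customer 1001"
TAMPERED = b"ship 9 unit to customer 1001"


def digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def tag(message: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of the key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def digest_ok(message: bytes, received_digest: str) -> bool:
    return hmac.compare_digest(digest(message), received_digest)


def tag_ok(message: bytes, received_tag: str, key: bytes) -> bool:
    return hmac.compare_digest(tag(message, key), received_tag)


def run_cases() -> dict:
    results = {}
    # Accidental corruption in transit: the digest no longer matches.
    results["digest_detects_corruption"] = not digest_ok(TAMPERED, digest(ORIGINAL))
    # Willful alteration: whoever changes the message also recomputes the
    # digest, so the unkeyed check still passes.
    results["digest_detects_alteration"] = not digest_ok(TAMPERED, digest(TAMPERED))
    # Same alteration against HMAC: without the key only the old tag is
    # available, and it does not verify against the changed message.
    results["hmac_detects_alteration"] = not tag_ok(
        TAMPERED, tag(ORIGINAL, SHARED_KEY), SHARED_KEY)
    # Spoofed source: a tag made with a different key fails verification.
    results["hmac_detects_spoofed_source"] = not tag_ok(
        ORIGINAL, tag(ORIGINAL, b"some-other-key"), SHARED_KEY)
    # A genuine message from the key holder verifies.
    results["hmac_accepts_genuine"] = tag_ok(
        ORIGINAL, tag(ORIGINAL, SHARED_KEY), SHARED_KEY)
    return results


if __name__ == "__main__":
    for name, value in run_cases().items():
        print(f"{name}: {value}")
```

Because sender and recipient hold the same key, either could have produced a valid tag, so a MAC does not provide the non-repudiation described under Accountability; that requires a digital signature made with a key only the sender holds.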