CIA Triad Model

Information warfare has increased in recent years because of the technology boom. Many infrastructures and systems are linked to the internet; hence online information has become increasingly valuable. It is, therefore, vulnerable to attacks by criminals who intend to use it for financial gain, terror attacks, or other purposes. Internet networks are vulnerable to intrusion, exploitation, and degradation, and the consequences are magnified by increased dependency on the networks. Cybersecurity is, therefore, vital for individuals, organizations, and the nation because the loss or alteration of information has the potential to cause war, crises, criminal activities, and international competition (Johnson, 2008). The CIA developed an information security triad that helps to maintain security for any security system. The CIA triad, created by Clark and Wilson in 1987, is guided by the principles of Confidentiality, Integrity, and Availability. It aims at guiding information policies in organizations.

The first principle of the CIA Triad is confidentiality. Confidentiality covers the protection of data as well as privacy. It ensures that unauthorized individuals do not access confidential information: the wrong people cannot access sensitive information, while the right people can access it at any time, anywhere. The privacy aspect ensures that the organization has control over the individuals who collect and store the information. Organizations can improve confidentiality by categorizing data according to its amount and the risks it faces in case of unauthorized access. This makes it easier for the organization to select preventive measures to protect the information.

Confidentiality of data requires training employees so that they understand its importance. The training familiarizes employees with the associated risk factors and the importance of keeping information private. Training also helps people to understand the response measures to be taken when the confidentiality of information has been lost. Measures to increase confidentiality include encryption, cryptography, biometric verification, and the use of passwords (Moghaddasi, Sajjadi, & Kamkarhaghighi, 2016). Data encryption converts information into secret codes that can only be understood by specific individuals. Encryption also ensures that data is unreadable except to those with the password or key. The organization should also protect data physically through the use of locks and security systems. Employees should also ensure they do not leave data unattended in places that can be reached by others.

The CIA Triad also ensures that the integrity of data is maintained. Integrity means that the accuracy, trustworthiness, and consistency of data are maintained. Cybercriminals can access and change data before it reaches the intended receiver. An altered message can cause loss of money, denial of services, and harm to others. Integrity ensures that unauthorized individuals cannot alter data. The integrity of data is therefore provided by access control, backups, regular data audits, and file permissions. Data received should be verified and validated to ensure its accuracy and that it has not been corrupted. Employees should verify data by identifying key attributes and specifications from the organization. One should also look for inconsistencies and other indicators of whether data has been corrupted. It is also important to remove duplicate data to ensure that unauthorized individuals do not access it. The organization should also have applications to trace data corruption and initiate response measures.
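As an added illustration (not part of the original essay), the regular data audit and file-permission checks described above can be sketched as a baseline comparison: record a digest and the permission bits of each file, then report anything that later differs. The use of SHA-256, the function names, and the sample files are assumptions made for this example.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to (SHA-256 digest, permission bits)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = stat.S_IMODE(path.stat().st_mode)
            state[path.relative_to(root).as_posix()] = (digest, mode)
    return state

def audit(baseline, current):
    """Compare two snapshots and return sorted (finding, path) pairs."""
    findings = []
    for path, (digest, mode) in baseline.items():
        if path not in current:
            findings.append(("missing", path))
            continue
        cur_digest, cur_mode = current[path]
        if cur_digest != digest:
            findings.append(("content-changed", path))
        if cur_mode != mode:
            findings.append(("permissions-changed", path))
    findings.extend(("unexpected-file", p) for p in current if p not in baseline)
    return sorted(findings)

def demo():
    """Constructed sample data: build a small tree, alter it, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {"ledger.csv": b"id,amount\n1,100\n",
                   "policy.txt": b"retain 7 years\n",
                   "users.db": b"alice\nbob\n"}
        for name, body in samples.items():
            (root / name).write_bytes(body)
            (root / name).chmod(0o640)
        baseline = snapshot(root)  # taken while the data is known to be good
        (root / "ledger.csv").write_bytes(b"id,amount\n1,900\n")  # altered record
        (root / "policy.txt").chmod(0o666)                        # loosened permissions
        (root / "users.db").unlink()                              # deleted file
        (root / "notes.tmp").write_bytes(b"scratch\n")            # file not in baseline
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:20} {path}")
```

The baseline itself has to be stored where the audited system cannot modify it; otherwise whoever alters the data can alter the baseline as well.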

The final principle, availability, is ensured by keeping the hardware in a proper state and the operating system functioning. Availability is also achieved by keeping the environment free from software conflicts and by upgrading systems. When information systems experience problems, fast recovery of the systems is needed to restore the availability of information. There is also a need to ensure that data is not available to unauthorized individuals. The availability of information can be improved through failover redundancy systems, HA clusters, and rapid disaster recovery capabilities. The organization should also have safeguarding strategies against unpredictable events such as natural disasters and fire. The availability of data is also enhanced by having a backup in an isolated location, proxy servers, and firewalls. These measures safeguard data during attacks that aim to deny users service. Information systems should always be running, giving administrators and leaders access to critical networks and controls.

NIST cybersecurity framework’s five functions

The NIST cybersecurity framework provides a methodology for managing risks associated with cybersecurity. The framework includes strategies that should be included in the cybersecurity program to meet the unique needs of a particular organization. The framework is meant to help organizations improve and strengthen cybersecurity measures. It guides organizations of all types and sizes because it is tailored to suit the specific needs of the organization. It is outcome-driven; hence it is flexible, scalable, and feasible. The NIST framework increases understanding of cybersecurity and risk management, clarifies current cybersecurity practices, and supports the prioritization of budgets to improve cybersecurity. The framework helps to identify vulnerabilities and risks, define the probability of risks, identify mitigation and security approaches, and implement measures to achieve the desired outcomes. The framework contains three components: implementation tiers, the framework core, and profiles (NIST, 2019). The purpose of this paper is to discuss the functions found in the framework core. The five high-level functions are Identify, Protect, Detect, Respond, and Recover. They are applicable to cyber risk management and to the general risks that affect an organization. The functions are the primary pillars of a holistic and successful cybersecurity program.

The first function of the NIST framework is Identify. Identify increases understanding of how to handle cybersecurity risk to systems, capabilities, people, data, and assets. Understanding the scope of cybersecurity is vital for every organization because it can then prioritize information security efforts to reduce risks. The organization also understands its unique needs based on its activities and operations. The function helps to identify physical and software assets that are important in the development of the asset management program. It also identifies the business environment, cybersecurity policies, governance programs, asset vulnerabilities, threats to internal and external organizational resources, and the strategies required to manage risks. The categories of Identify are asset management, risk management, business environment, risk assessment and management strategies, and supply chain risk management. An example in the Identify function is the inclusion of cybersecurity measures in the mission and vision statement to ensure that they guide all operations.

The second function is Protect, which outlines the appropriate measures to safeguard the delivery of critical infrastructure services. It aims at limiting or eliminating the effects of a cyber attack event. Protection measures include awareness and training of employees, data security protection that is consistent with the confidentiality, integrity, and availability of information, access control, identity management, protection processes and procedures, and protective technology. The third function is Detect. Detect ensures that cyber risks are identified on a timely basis (NIST, 2018). Timely discovery of cybersecurity events ensures timely response, which reduces potential damages. Detect categories include the detection of anomalies and events, detection processes, and continuous monitoring. Examples of intrusion detection applications are ACARM-ng, AIDE, and Fail2ban.

The fourth function of the NIST framework is Respond. After the detection of cyber issues, the organization needs to implement measures to reduce their effect. Measures taken in response should be timely and accurate, and this depends on preparation, communication, and analysis of the problem to develop strategies that mitigate the impacts of a security breach. The response should be information-based and should incorporate lessons learned from current and previous detection and response initiatives. The last function is Recover. Recovery procedures aim at increasing the resilience of cybersecurity, implementing new and improved capabilities, repairing damaged ones, and improving existing ones. The response should also be informed by lessons learned.
