The core principles of Information Security are centered around what’s known as the CIA Triad, which stands for:
1. Confidentiality
Definition: Ensuring that information is accessible only to those authorized to access it.
Goal: Prevent unauthorized access, disclosure, or exposure of sensitive data.
Examples:
- Encrypting emails or files
- Using strong passwords
- Role-based access control (RBAC)
2. Integrity
Definition: Maintaining the accuracy and completeness of information throughout its lifecycle.
Goal: Prevent unauthorized modifications, deletions, or corruption of data.
Examples:
- Hashing data for verification
- Version control
- Access logging and monitoring
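A worked illustration of the first example above, hashing data for verification, added here as an example rather than taken from the original text. It computes a SHA-256 digest of a record at a time the record is known to be good, then recomputes and compares the digest later to detect any change. The invoice record and the tampered copy are constructed sample data; the function names are this example's own.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// DigestHex returns the SHA-256 digest of data as lowercase hex.
func DigestHex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyDigest recomputes the digest of data and compares it with the
// digest recorded when the data was known to be good. Malformed or
// wrong-length digests are rejected outright; the comparison itself is
// constant-time so it does not leak where the first mismatching byte is.
func VerifyDigest(data []byte, expectedHex string) bool {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil || len(expected) != sha256.Size {
		return false
	}
	sum := sha256.Sum256(data)
	return subtle.ConstantTimeCompare(sum[:], expected) == 1
}

func main() {
	// Constructed sample record; a real system would read a file or message.
	original := []byte("invoice_id=1042;amount=250.00;payee=ACME")
	recorded := DigestHex(original)
	fmt.Println("recorded digest:", recorded)
	fmt.Println("unchanged record verifies:", VerifyDigest(original, recorded))

	// Simulated corruption: a single digit of the amount has changed.
	tampered := []byte("invoice_id=1042;amount=950.00;payee=ACME")
	fmt.Println("tampered record verifies:", VerifyDigest(tampered, recorded))
}
```

One caveat a practitioner should keep in mind: a bare hash detects accidental corruption and changes made by someone who cannot also overwrite the stored digest. If the digest lives next to the data under the same write permissions, it needs its own protection (a keyed MAC, a digital signature, or write-once storage) for the check to mean anything.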
3. Availability
Definition: Ensuring that authorized users have reliable and timely access to information and systems when needed.
Goal: Prevent downtime or denial of access caused by attacks or system failures.
Examples:
- Redundant systems (backups, failover)
- DDoS protection
- Power supply and network reliability
Optional: Additional Principles
While the CIA triad is the foundation, modern InfoSec often considers these extended principles:
4. Authenticity
Verifying that users, systems, and data are genuine.
Example: Multi-factor authentication (MFA), digital certificates
5. Accountability (Non-repudiation)
Ensuring actions can be traced to responsible individuals.
Example: Audit logs, digital signatures
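The digital-signature example named under both Authenticity and Accountability, worked through in code. This is an added example, not code from the original text: it signs a constructed audit-log entry with an Ed25519 private key that only the acting user holds, so a valid signature both shows the entry is genuine and ties the action to that user's key. The AuditEntry type, its field layout and the function names are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// AuditEntry is a constructed log record: who did what, and when.
type AuditEntry struct {
	Actor     string
	Action    string
	Timestamp string
}

// Serialize produces the exact bytes that are signed and later verified.
// Any change to any field changes these bytes and invalidates the signature.
func (e AuditEntry) Serialize() []byte {
	return []byte(e.Actor + "|" + e.Action + "|" + e.Timestamp)
}

// GenerateKeys produces a signing key pair for one actor. The private key
// stays with that actor; the public key is registered with the log system.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign produces the actor's signature over the entry.
func Sign(priv ed25519.PrivateKey, e AuditEntry) []byte {
	return ed25519.Sign(priv, e.Serialize())
}

// Verify checks an entry and signature against the public key registered
// for the actor named in the entry.
func Verify(pub ed25519.PublicKey, e AuditEntry, sig []byte) bool {
	return ed25519.Verify(pub, e.Serialize(), sig)
}

func main() {
	alicePub, alicePriv, err := GenerateKeys()
	if err != nil {
		panic(err)
	}

	entry := AuditEntry{Actor: "alice", Action: "approved payment 1042", Timestamp: "2024-01-01T09:30:00Z"}
	sig := Sign(alicePriv, entry)
	fmt.Println("signature:", base64.StdEncoding.EncodeToString(sig))
	fmt.Println("genuine entry verifies:", Verify(alicePub, entry, sig))

	// Someone rewrites the log to blame bob for alice's action; the signature
	// no longer matches the bytes, so the alteration is detected.
	reattributed := entry
	reattributed.Actor = "bob"
	fmt.Println("reattributed entry verifies:", Verify(alicePub, reattributed, sig))
}
```

Non-repudiation rests on the private key being held by exactly one party, which is why key storage (hardware tokens, OS key stores) matters as much as the algorithm: if the key is shared or leaked, a signature no longer proves who acted.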
